check point Harmony Email and Collaboration team detects over 5,000 spoofed emails Microsoft Product notifications that could lead to email extortion, the cyber security company said on October 2. Emails stand out for their great appearance and inclusion of legitimate links.
The announcement comes as part of Cyber Security Awareness Month, highlighting the ongoing risks phishing attacks,
Email scam campaigns are known for their spectacular appearance
The emails appear to come from “organizational domains impersonating legitimate administrators”, making them appear to come from an internal administrator, co-worker, or business partner. The fake emails link to legitimate Microsoft or Bing pages, making it difficult for even security-conscious employees to scan suspicious URLs to detect scams.
Check Point noted that logging into a spoofed email – thereby giving the attacker your login information – “could lead to email account takeover, ransomware, information theft, or other negative consequences.” The team did not provide any information about whether the attackers have succeeded in exploiting anyone so far or not.
In 2023, Check Point found that Microsoft was most fake brand In phishing scams. Other companies that appeared most frequently in spoofing campaigns were Google, Apple, Wells Fargo, and Amazon.
WATCH: Teachers may be a disadvantaged community when it comes to cyber security trainingDespite the number of cyber attacks targeting schools.
How to stay safe from account information scams
Employees should feel empowered to personally reach out to administrators and coworkers whenever they suspect an email is not legitimate. If you’re not expecting a request to share a folder or collaborate through business software, verify the email directly with the person before engaging.
Individuals should also pay attention to misspellings or disorganized language. However, the scheme detected by Check Point gets around this by copying and pasting actual Microsoft privacy policy statements.
The old notion that sketchy emails always contain errors is no longer necessarily true. Attackers are aware of this expectation and often use correct grammar to make their phishing attempts more credible. Plus, generative AI makes it simple and fast to create grammatically correct emails.
to follow expert advice About keeping your organization cyber-secure:
- Keep operating systems and applications up to date, as security updates often include protection against the latest bugs.
- Use email services with reliable anti-spam filters.
- IT administrators should conduct regular awareness training for employees about recent techniques of scammers.
Additionally, be wary of emails that appear to come from big companies like Microsoft, but generally don’t match how you interact with their services. fortinet Recommends technical precautions, including using reverse IP address lookup tools and auditing email accounts with domain-based message authentication reporting and conformance protocols.
Email administrators should configure their mail servers so that unauthorized users cannot connect directly to the SMTP port. Similarly, ensuring SMTP connections from outside your firewall through a central mail hub This can help detect email spoofing if it occurs in your organization.
