Are you using Office 365? Is something phishy going on in your inbox? Here’s some advice on how to safeguard against email hacking.
One of the major cyber security threats that GNC Technology Limited are seeing at the minute is the hacking of email addresses using the following process:
- User receives an email from what looks like a legitimate source.
- The email contains a link to a document, such as an invoice.
- When you click on the link the user is presented with the username and password screen for Office 365.
- However this is not the actual Office 365 website, it is a spoofed website designed to look exactly like the email and password prompt Microsoft use.
- The user would enter their email address and password but receive a message to state the password was incorrect.
- In the background the hackers website has now recorded the username and password details and the hacker has access to the users mailbox and Office 365 account.
There are a number of ways to prevent the above but the most effective two are as follows: –
- User Education: Users should be educated as to the dangers of phishing style emails and websites, if you are presented with a login screen for example when not expecting one you should never attempt to login.
- Multi-Factor Authentication: Rather than simply relying on a username and password businesses should implement a second login requirement. In the example above GNC Technology Limited could implement the use of an SMS code, so to access the users mailbox the hacker would of needed the email address, password and a code sent to the users mobile phone.
If you have any concerns about phishing emails or any other Cyber Security matter, please contact firstname.lastname@example.org or call us on 0333 241 2544 and we will be happy to help. We help clients stay safe every day.