Share this article

Improve this guide

Covid-19 inspired hackers target Office 365 SMB users

2 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Just the other day, it emerged that hackers set up anOffice 365 phishing websiteto steal users’ Microsoft credentials. They targeted people affected by the COVID-19 crisis.

According toAbnormal Attack, hackers are now sending phishingemailsto small businesses that expect financial relief due to the effects of COVID-19. They’re primarily targeting enterprises with Office 365 accounts.

Malicious actors target Office 365 accounts

Malicious actors target Office 365 accounts

The attackers are after SMBs that have applied for COVID-19 relief from the government.

In the attack, the target receives anemailsent from aDropboxaccount, which is a legitimate domain. The message contains a link to a document on aDropboxdownload page.

However, clicking on download takes the potential victim to another page with an Office 365 image. But the user has to supply their Microsoft account credentials to access the document.

Since the O365 page is fake, it’s just a means for the attacker to collect the victim’s user name and password.

This attack is attempting to exploit current efforts by the government to provide relief funds for small business owners affected by COVID-19 closures and shelter-in-place orders.

Nearly 5000emailaccounts have received the phishingemail. One of the reasons why the attackers may succeed is that they’re offering correspondence that the victim expects.

Similarly, the malicious players are impersonating the government as well as using a legitimate launching platform,Dropbox.

Legitimate tech companies are improving their productivity tools in different ways against the backdrop of the COVID-19 pandemic. For example, Microsoft isoptimizingits workforce collaboration tool, Teams, to cater to the needs of its over 44 million daily users, including remote workers.

However, not every actor in the tech industry is looking at COVID-19 from that perspective. So, companies and individuals need to not only stay vigilant, but also keepsecuringtheir enterprise and personal data.

Have you ever usedDropboxor Office 365? Feel free to share your experience or ask any questions in the comments section below.

[wl_navigator]

More about the topics:Cybersecurity

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, simplifying the tech universe for the mases.