Skip to main content

A new phishing attack targeting Office 365 business email users - EM @QUE.com

A new phishing attack targeting Office 365 business email users was found using Punycode to go undetected by both Microsoft’s default security and desktop email filters, Avanan security researchers warn.
The attack is meant to steal Office 365 credentials and abuses a vulnerability in how Office 365 anti-phishing and URL reputation security layers deal with Punycode. The attack starts with fake FedEX email that include benign looking URLs meant to take users to malicious website. See image below.
office-365-business-users-targeted-in-punycode-based-phishing
By using Punycode and leveraging said flaw in the phish-detection engine, the URL actually resolves to two different domains, one safe, which is detected by Office 365, and the other malicious, which is followed by the browser.
The underlining issue is that Office 365’s default security treats the domain as plain ASCII when verifying whether it is legitimate or not. Because all modern browsers support Unicode character, the address is translated to its Unicode format when launched in the browser. This address is malicious and presents users with a fake Office 365 login page in an attempt to steal user credentials.
How to protect against phishing email or spear phishing email intended for the big fish in our organization?
  • Do not click in any links asking you to reset your password. Make it as a habit, never click on a link from your email :)
  • Use Two-Factor Authentication. I highly recommend that you use Two-Factor authentication when available, for your bank accounts, social networks e.g. LinkedIn, Facebook, etc. (The Two-Factor authentication is not available to Kiosk Email user.)
The Phishing Email is the same old method used when a malicious person, asking you to change your bank account password, compromised bank accounts, deposited money on your bank, UPS delivery, social media accounts, free Redskins ticket, free Washington Wizards tickets, and many other variations of fake email. According to PhishMe91% of CyberAttacks start with a Phishing Email. The hacked incidents of high profile staff at DNC is through phishing emails. Using this method is cheap, hard to detect, and easy to deploy.
Security awareness of everyone is important to minimize our exposure.
What is the worst case scenario if you click on a “bait” links?
  • The malicious user will have access to your account. For example, your email, social media, banks account, etc.
  • Or The malicious user will have full control of your computer through “reverse shell” access. Where they can see all files, install a back-door program to get back in, use your webcam, use your computer as bot for DDOS attack, anything they want.
What to do if you accidentally click a “bait” links?
  • When you click on a “bait” link or a bad attachment, you think nothing happen and move on with your routine tasks. But the malicious code is already executed in the background, you will not notice it that’s how it is design. Don’t ignore this simple mistake, reboot your workstation right away, this will end the session initiated by clicking the bad link.
  • Scan your workstation using your anti-virus/anti-malware software.
  • Report to your immediate supervisor or post in our comment below. Our community is willing to help.
The Center for Development of Security Excellence (CDSE.edu) website provides a fun way to test your awareness against Phishing Scams. Go to http://www.cdse.edu/shorts/cybersecurity.html# website, check the Phishing Scams video “Phishing Scams Avoid the Bait” and have fun.
Reference links:

Comments

Popular posts from this blog

Office365 - This resource doesn't accept meetings longer than 1440 minutes

When you create a meeting schedule for number of days, you will see an error  "This resource doesn't accept meetings longer than 1440 minutes". By default the mailbox or room was set for a maximum limit of 1440 minutes.

Here's how you can disable this limit.
Login to the Office 365 Administration ConsoleIn Microsoft Office 365 Exchange, click on Manage.In Manage My Orgnization, click the drop down arrow, and click on Select on Another User. This will prompt you to select the mailbox or room to manage.Select a Mailbox or Room, click OK.In Option, click on Settings.In Scheduling Options, un-check the "Limit meeting duration", then click on Save. That's all. You can now schedule a meeting or reserve a room for number of days.

Hope this help you.

If this helped you, please take the time to share this post by sharing using Google+, Facebook, Twitter, or LinkedIn

Out of Office Reply for Termed Employee

This is a sample Out of Office message that I used for termed employees, unless HR staff specified a different message.

=== Example for KING.NET Employee ===
John Doe (employee or consultant) is no longer with KING.NET effective June 1, 2013 (termination date). For matters relating to "Project Name here" please direct your concerns to John Smith at johnsmith@king.net (Manager or Supervisor). For all other matters, please direct your email to Mary Smith HR at marysmith@king.net.

Please call our main office 703-345-6789 if you have other concerns.
Thank you.

=== End of message ===

I posted this article year 2008 from my old blog.
http://whaddya.blogspot.com/2008/11/example-of-out-of-office-reply-for.html


If this helped you, please take the time to share this post by sharing using Google+, Facebook, Twitter, or LinkedIn

Facebook Business Valuation

Interesting post from Techcrunch.com about the Facebook valuation and I would like to share this to you folks. The picture graph provide a thousand words to fully explain their growth. Please click the image to see in full screen.