
Microsoft Office 365 Phishing Campaigns

Classification

These posts contain security alerts (vulnerabilities, cyber attacks and technical updates) and are classified based on their severity level: Critical, High, Medium or Low.

Warning Date: 4 October, 2020

Severity Level: High

Warning Number: 2020-1885

Target Sector: All

Description:

An alert about phishing campaigns that imitate the Microsoft Office 365 login page.

Threats:

The attacker aims to gain access by stealing users' credentials through a fake Microsoft Office 365 login page. The user is first asked to verify their identity by completing 3 CAPTCHA ("I am not a bot") tests, which makes the page feel like a legitimate one that routinely requests such verification. Once the verification is completed, the user is redirected to a phishing Microsoft Office 365 login page; when the user enters their credentials, the attacker steals the login data, including the email address and password.
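The distinguishing trait of the page described above is that a credential form which looks like Office 365 submits the typed password somewhere other than Microsoft's sign-in service. The following script is an added example for triaging a page reported by a user; it is not part of the advisory and not Microsoft's tooling. It parses the HTML of the final login page, finds every form that contains a password field, resolves the form's action to an absolute URL, and flags the page when credentials would be sent to a host outside a small allowlist of genuine Microsoft sign-in hosts (the allowlist and the sample HTML are assumptions constructed for this example; the `.test` domain is a placeholder).

```python
"""Triage a reported Office 365 login page by checking where its credential form posts.

Added example (not from the advisory). Works offline on captured HTML.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hosts that genuinely serve Microsoft / Office 365 sign-in forms.
# Assumption for this example: exact hostnames only; extend for your tenant's IdP.
LEGITIMATE_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}


class CredentialFormParser(HTMLParser):
    """Record each <form> action and whether the form contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "has_password": bool}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def credential_sinks(page_url, html):
    """Return absolute URLs that password-bearing forms on the page submit to."""
    parser = CredentialFormParser()
    parser.feed(html)
    # An empty action submits back to the page URL itself; urljoin handles that.
    return [urljoin(page_url, f["action"]) for f in parser.forms if f["has_password"]]


def is_suspect_login_page(page_url, html):
    """True if any credential form posts to a host that is not a genuine sign-in host."""
    for sink in credential_sinks(page_url, html):
        host = (urlsplit(sink).hostname or "").lower()
        if host not in LEGITIMATE_LOGIN_HOSTS:
            return True
    return False


def triage(page_url, html):
    """Short verdict for an analyst reviewing a user-reported page."""
    sinks = credential_sinks(page_url, html)
    if not sinks:
        return "no credential form found"
    if is_suspect_login_page(page_url, html):
        return "SUSPECT: credentials would be sent to " + ", ".join(sinks)
    return "credential form submits to a genuine Microsoft sign-in host"


# Constructed sample: lookalike page reached after the CAPTCHA steps; the form
# posts to a relative path on the attacker-controlled host, not to Microsoft.
PHISHING_HTML = """
<html><body>
<img src="office365-logo.png" alt="Office 365">
<form method="post" action="/collect.php">
  <input type="email" name="loginfmt">
  <input type="password" name="passwd">
  <input type="submit" value="Sign in">
</form>
</body></html>
"""

# Constructed sample: form that posts to the genuine Microsoft sign-in host.
LEGIT_HTML = """
<html><body>
<form method="post" action="https://login.microsoftonline.com/common/login">
  <input type="email" name="loginfmt">
  <input type="password" name="passwd">
</form>
</body></html>
"""

if __name__ == "__main__":
    print(triage("https://example-placeholder.test/captcha/step3/login", PHISHING_HTML))
    print(triage("https://login.microsoftonline.com/", LEGIT_HTML))
```

The check is deliberately narrow: it catches the common case where a lookalike page collects the password itself. A page that proxies or redirects to the real sign-in host after capturing input would need additional checks (for example, comparing the page's own host against the allowlist, or inspecting any script that reads the password field), so treat a negative result as "not flagged by this check" rather than "safe".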

Best practice and Recommendations:

The CERT team encourages users to apply the below guidelines:

Microsoft encourages users to follow the below best practices:

Technical mitigations:

  • Ensure your computers and devices have the latest security updates installed.
  • If possible, ensure computers and devices are running newer versions of software.
  • Ensure that your computers, devices, and network are protected with robust antivirus protection, including methods to deploy the latest AV signature updates regularly.
  • Enforce the use of strong passwords that need to be changed periodically.
  • Implement a policy that requires multi-factor authentication.
  • Configure apps on devices to protect privacy (limit sharing of information and data).
  • Configure applications for stronger security (enabling encryption, etc.).
  • Establish policies and processes to regularly back up devices and computers in your enterprise.
  • Encourage the use of cloud storage for essential documents.
  • Establish policies that enable drive encryption (BitLocker) for computers and devices in your enterprise.

Social mitigations (education):

  • Keep employees up to date on types of emerging email scams, so that employees know what to watch out for.
  • Encourage employees to be skeptical about any email they receive from someone they do not normally communicate with.
  • Encourage employees to be wary of clicking links and attachments in email.
  • In general, develop a healthy skepticism about messages, looking out for things that don't seem right.
  • Encourage friends, family, and coworkers to refrain from posting links to online meetings in social media forums like Facebook and Instagram. You don't want to accidentally invite scammers and hackers to your online meeting.

Last updated at 7 October, 2020
