Usually, announcements of new software are for legitimate software, like the new version of Microsoft Office. It would be crazy and brazen for cybercriminals to announce the publication of their hacking software, such as a new version of their Office 365 Phishing Kit, but that’s exactly what they’ve done. What’s more shocking is that the announcement was published on the cybercriminal’s business page on Facebook, which purports to take down information that may lead to criminal activity. But it doesn’t end there: The software has been so effective at collecting a library of C-Level Senior Management Office 365 Login Credentials that those credentials are now for sale on the open market as well.
What The Office 365 Phishing Kit Does
The Office 365 Phishing Kit can be purchased by cybercriminals and installed on their own website. It can cloak itself so that it hides from security bots that are looking for it. The cybercriminals independently create lists of C-Level email addresses, which they often scrape from company websites, or from social media sites like LinkedIn.
The software then sends out emails with a message that tells the user that their email credentials are expiring, but that they can choose to keep their current password by validating it -- which of course means entering the password into a login form that resembles a legitimate Office 365 login page.
Of course, it’s at that point that the email credentials are stolen and sent to the cybercriminals, who then log into the email account and begin doing damage.
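A mail-filtering check for the lure described above, as an added example (not code from the kit, from Trend Micro, or from this article's author). The list of accepted sign-in hosts, the phrase patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption for this sketch: hosts accepted as genuine Microsoft sign-in pages.
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

# Wording of the lure described above: credentials are "expiring", and the
# reader may keep the current password by "validating" it.
EXPIRY = re.compile(r"\b(password|credentials?)\b.{0,60}\bexpir\w+", re.I | re.S)
KEEP = re.compile(r"\b(keep|retain)\b.{0,40}\b(current|same|existing)\s+password", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def link_hosts(body):
    """Lowercase hostnames of every http(s) link found in the body text."""
    return {urlparse(u).hostname or "" for u in URL.findall(body)}

def score_message(raw):
    """Return (score, reasons) for a single-part, plain-text RFC 822 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    if EXPIRY.search(text):
        reasons.append("expiry-theme")
    if KEEP.search(text):
        reasons.append("keep-current-password")
    # A link only counts when the text already carries the lure wording.
    off_brand = sorted(h for h in link_hosts(body) if h not in LEGIT_LOGIN_HOSTS)
    if reasons and off_brand:
        reasons.append("off-brand-link:" + ",".join(off_brand))
    return len(reasons), reasons

# Constructed sample messages (not real mail).
LURE = """From: IT Support <support@example.com>
Subject: Your Office 365 password expires today

Your password is expiring. To keep your current password, validate it here:
https://o365-validate.example.net/login
"""
BENIGN = """From: Admin <admin@example.com>
Subject: Password change confirmation

Your password was changed. Sign in at https://login.microsoftonline.com/
"""

if __name__ == "__main__":
    for name, raw in (("LURE", LURE), ("BENIGN", BENIGN)):
        print(name, score_message(raw))
```

The score is a triage signal for quarantine or review, not a verdict; a filter built this way still needs tuning against an organization's own legitimate password-expiry notices.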
Is Someone Else Reading Your C-Level Email?
Are you a C-Level executive? Have you already become a victim of the Office 365 Phishing Kit? Back in June of 2020, we wrote about the C-Level Cyber Security Risk, which explained how the highest value targets in a company -- C-Level Executives -- were exactly the same people most likely to request more relaxed security rules. These senior staff were more likely to demand the ability to:
- Use their own devices
- Have relaxed password restrictions
- Avoid using Multi-Factor Authentication
Compounding these relaxed security requirements is the fact that many of these executives are not as technically savvy as lower-level (and often younger) staff.
Well, now a report by Trend Micro reveals that email credentials for C-Level executives' Office 365 accounts have not only been stolen, but are for sale on the open market. That means that all inbound and outbound correspondence belonging to these C-Level executives may be visible to cybercriminals, putting financial accounts, personal credit, corporate resources, and potentially the entire company at risk.
The Dangerous After-Effects Of A Hacked Email Account
How could the entire company be put at risk when a single email account has been hacked by the Office 365 Phishing Kit, or any other method? It’s called "Social Engineering", and it is quite simple...and very scary.
Social Engineering is closely related to Phishing in that it involves fraudulent email messages. These emails do not necessarily direct the victim to log into a phishing website; instead, they ask the victim to take some action that could result in a huge payday for the cybercriminal. With Social Engineering, it is the credibility of the alleged sender that influences the recipients of the message.
Once cybercriminals have access to a corporate email account, they can draft a "Social Engineering" email that could do a variety of very harmful things:
- Request/Demand that a subordinate redirect a vendor payment to a fraudulent bank account via wire
- Request/Demand that passwords be revealed or reset
- Request/Demand access to network resources
- Request/Demand access to financial accounts
- Request/Demand access to corporate Intellectual Property
The cybercriminal could even Request/Demand the installation of Ransomware or other Malware that could encrypt the company’s entire network server(s), including accounting data, customer lists, intellectual property, project files or other information, exfiltrate the data, and hold the company hostage until a ransom is paid.
And of course, the email address could be used to distribute more Phishing emails.
The list could certainly vary based on the specific corporate victim and the creativity (and daring nature) of cybercriminals.
How To Avoid Becoming A Victim Of The Office 365 Phishing Kit
You can help prevent your organization from becoming a victim of the Office 365 Phishing Kit or related scams by following some very simple advice, including these three tips:
- Install and Maintain Email Filtering and Web Filtering Tools. There are literally millions of dangerous websites on the Internet, and automated tools can identify them and prevent your staff from accessing them.
- Get Cyber Awareness Training for your organization. This training is critical. Every employee, from C-Level to the entry-level employee, should be taught how to be vigilant and to recognize Phishing and
- Use Multi-Factor Authentication. Multi-Factor Authentication sends a unique message through an alternate method or device, such as a text message to a cell phone or to a special MFA device. Usually, this message includes a randomly generated number that must be entered into the legitimate login screen. Without that number -- which usually expires in a few minutes -- the cybercriminal cannot get access. MFA is among the most secure methods for protecting access to valuable online resources.
Let Digital Uppercut Protect You And Your Company
Are you curious if your personal information has been compromised by the Office 365 Phishing Kit, and is now being offered for sale on the Dark Web or other sites? We may be able to answer that question for you and other employees at your company. At Digital Uppercut, we specialize in providing big business cybersecurity at a fraction of the cost. Our Business Protection Toolkit includes our recommendations listed above, and a dozen other tools that can protect your business in many other ways. Find out how it works, and sleep more comfortably at night. Contact us online or call us at 818-913-1335.