Tag: Phishing

Defense

Business Email Compromise in Office 365

BEC

Business email compromise can be a prelude to a range of attacks but commonly it’s either Ransomware of Scammers. In this post we are focsing on scammer activity which uses a ‘man in the mailbox’ attack to get in between two parties in an email converstation with the aim of attempting theft by fradulently altering a wire transfer so that the third party sends funds to the scammers not to the victim. There are cleary other avenues that can be leveraged (the compromised mailbox may be used to phish or email malware to another victim).

Initial Access

To gain access to the mailbox a range of techniques can be employed which includes:

  • Credential stuffing
  • Phishing and credential harvesting
  • Malware

Once they have your logon credentials, they now will attempt to access your mailbox.

Avoiding Geo Location Alerts

A scammer may use a public VPN service (such as services from AVAST etc.) to move their internet connection the target mailbox region. They can usually locate a person through some OSINT.

By moving to the normal area of the user they are less likely to trip geo location alerts. Read more “Business Email Compromise in Office 365”

Defense

Office 365 Attack Simulator Overview

Probably the most common attack vector!

Phishing is very likely the most common attack vector, in fact so common that the following stat is called out:

“a 2016 study reports that 91% of cyberattacks and the resulting data breach begin with a phishing email”

Setting up the Social Engineering toolkit or custom phishing solution takes a little time, luckily Microsoft have added in attack simulation features into Office 365! This let’s in house teams perform a range of simulated attacks in safe manner against your organisation. In this post we are going to run through the steps required to create and run a phishing attack simulation!

Read more “Office 365 Attack Simulator Overview”