Phishing Campaign Spreading Through Office 365 OAuth

Phishing Campaign Spreading Through Office 365 OAuth

By Chris Brunau

A new phishing campaign is targeting Office 365 users through a phony OAuth. According to reports, the culprits are impersonating OneDrive or SharePoint files with a link to a shared document. The user is prompted to grant OAuth access which allows the malicious attack will gain access to personal information, stored files, emails, and more.

PhishLabs has offered some Office 365 guidelines to help users avoid malicious OAuth applications:

  • Incorporate content into your end-user Security Awareness Training that teaches how to examine ALL aspects of an email for red flags, not just URLs and sender’s address, as these may not be sufficient in phishing attacks where legitimate services are abused.
  • Incorporate remediation steps for this attack method into your incident response plan. Traditional methods of remediating compromised Office 365, such as password changes, clearing sessions, or activating multi-factor authentication (MFA), are not effective for this attack method.
  • Proactively review Apps or add-ins installed across your environment. For further information see Microsoft's tutorial on investigating risky apps.

To learn more about how you can protect your Office 365 data, check out Datto SaaS Protection. Engineered to be the leading, one-stop-shop for cloud-to-cloud SaaS application backup, SaaS Protection gives you consistently reliable granular backups, quick and easy restores and exports, secured data for compliance and regulatory needs, and world-class 24/7/365 support. Join the 3.5 million end users already protected by Datto SaaS Protection. Learn more today!

SaaS Defense: A multi-pronged approach to a changing business landscape

Charles Love, Director of Service Operations at ShowTech Solutions, a Florida-based MSP, utilizes SaaS Defense to secure the changing business landscape. As the transition to remote work continues to become a more permanent move for companies, security solutions are now dependent on the data of previously known threats and how those operate to help prevent new threats.

Read More

Suggested Next Reads

Subscribe to the Blog