The FBI Internet Crime Complaint Center has been alerting US businesses about an ongoing attack that directly targets organizations that use Microsoft Office 365 and Google G-Suite.
Per the FBI:
“The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds…Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers.”
Laughing Rock has confirmed these reports through our own investigation and has responded to these attacks within some of our client organizations.
These bad actors are obtaining login information for business email accounts through targeted phishing attacks.
If you think you have been impacted, or want to be proactive, please follow our recommendations below:
Immediately rotate your password for Office 365 or G-Suite. Be sure to create a new, unique, and secure password.
Run an anti-virus scan for malicious programs on any affected computers.
Implement 2-Factor Authentication (2FA) on all user mailboxes. Please note that 2FA does not need to be implemented immediately but is highly recommended for long-term security.
Always use caution when interacting with emails that you were not expecting and/or are asking you to provide sensitive information.
If you’d like some additional information on phishing, please see our blog post titled Phishing: What it is and how to avoid getting hooked.