The FBI has reported a rise in COVID-19 fraud schemes. The expanding COVID-19 pandemic has created opportunities for Cybercriminals to unleash a wave of sophisticated email scams to take advantage of our fears and demands for accurate and timely information. Couple this with the disruption caused by the shift to a remote workforce for many companies, and we have a perfect storm scenario.
Cybercriminals are leveraging this health crisis and stepping up their attacks to steal your Office 365 login credentials. These attacks often use an email that appears to have been sent by the recipient’s employer. The recipient is asked to click on a link for an important or time-sensitive COVID-19 update from their employer. The link directs the user to a “spoof page” that mimics the Microsoft Office 365 login page. If the user enters their username and password on the fake login page, the attacker now has the user’s credentials to access the user’s Microsoft 365 account and any other system linked to those credentials.
Some simple steps to prevent becoming a victim:
Don’t panic. If you believe you have given away username or passwords, follow-up these steps from Microsoft.