Office 365 Phishing

Office 365 phishing emails are among the top threats that attackers attempt to deliver to NJ State employee inboxes. These emails are often used to steal Office 365 user credentials by convincing a target to click on a link or open an attachment that directs them to a fraudulent Office 365 login page. If the user submits their credentials, the credentials are sent to the threat actors. Recently, MalwareHunterTeam discovered a convincing fraudulent Office 365 site that delivers an alert claiming the user’s browser (either Chrome or Firefox) needs to be updated. If the “Update” button is clicked, an executable is downloaded that installs the Trickbot banking trojan. Trickbot is a sophisticated trojan with many capabilities, including stealing saved login credentials, browsing history, and form autofill data. Trickbot has been implicated in many recent cyber incidents, most notably infecting networks prior to the installation of the Ryuk ransomware. The NJCCIC advises users to avoid clicking on links or opening attachments in unsolicited or unexpected emails, and to refrain from clicking on in-browser pop-up alerts. If a Trickbot infection is suspected, scan the system using an anti-virus/anti-malware program and consider re-imaging the machine, then change all account passwords and enable multi-factor authentication where available.