2020 has just begun, and hackers are already off to a strong start. These criminals are bringing new attacks into the new year.

If you are and Office 365 user, this information is critical for you to read.

In 2019 and previous years, hackers targeted users often by working to steal your credentials, such as your username and password. But since the start of 2020, experts are seeing a new method that targets Office 365 OAuth APIs. This dangerous approach works to gain control of user mailboxes by using different phishing methods.

Researchers at PhishLabs have reported that this new method of attack focuses on using a fake and malicious Office 365 App, rather than through their common way of getting users to click on a link taking them to a fake login page, where they enter their credentials. Similarly, the hacker’s newest method plants a malicious link to SharePoint Online or in OneDrive. The link takes them to a page requesting access to their Office 365 mailbox.

In the past, when a hacker used their common tactics of stealing a user’s credentials, they lost access as soon as the user changed their password. But now, since this new method of attack is based around an app, it connects and grants full access to the Office 365 account. Therefore, simply changing one’s username or password, is not enough. A completely separate process to disconnect the app from the Office 365 account, is the only way end the hacker’s access.

KnowBe4 has shared that while this new method of attack is especially creative, it is the same guidelines of prevention as any other method- being aware and alert. KnowBe4 also realized this screenshot below of what this new phishing attack appears like.

Just as old methods of phishing attacks, Security Awareness Training for your employees is the best way to educate them on what and what not to click on.

The IT Company highly encourages you to share this information with your employees. Additionally if you are interested in taking your employees through Security Awareness Training, reach out to us. We want to help prevent your company from experiencing this attack.