Covid-19 inspired hackers target Office 365 SMB users

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Hackers are now sending phishing emails to SMBs that expect COVID-19 financial relief from the government.
  • An estimated 5000 Office 365 account owners may have been targeted. 
  • Our dedicated Office 365 section offers more about the cloud-based platform. You can check it out anytime!
  • Visit the Security & Privacy for tips on optimizing your IT or personal data security.
Dropbox hacking attempt

Just the other day, it emerged that hackers set up an Office 365 phishing website to steal users’ Microsoft credentials. They targeted people affected by the COVID-19 crisis.

According to Abnormal Attack, hackers are now sending phishing emails to small businesses that expect financial relief due to the effects of COVID-19. They’re primarily targeting enterprises with Office 365 accounts.

Malicious actors target Office 365 accounts

The attackers are after SMBs that have applied for COVID-19 relief from the government.

In the attack, the target receives an email sent from a Dropbox account, which is a legitimate domain. The message contains a link to a document on a Dropbox download page.

However, clicking on download takes the potential victim to another page with an Office 365 image. But the user has to supply their Microsoft account credentials to access the document.

Since the O365 page is fake, it’s just a means for the attacker to collect the victim’s user name and password.

This attack is attempting to exploit current efforts by the government to provide relief funds for small business owners affected by COVID-19 closures and shelter-in-place orders.

Nearly 5000 email accounts have received the phishing email. One of the reasons why the attackers may succeed is that they’re offering correspondence that the victim expects.

Similarly, the malicious players are impersonating the government as well as using a legitimate launching platform, Dropbox.

Legitimate tech companies are improving their productivity tools in different ways against the backdrop of the COVID-19 pandemic. For example, Microsoft is optimizing its workforce collaboration tool, Teams, to cater to the needs of its over 44 million daily users, including remote workers.

However, not every actor in the tech industry is looking at COVID-19 from that perspective. So, companies and individuals need to not only stay vigilant, but also keep securing their enterprise and personal data.

Have you ever used Dropbox or Office 365? Feel free to share your experience or ask any questions in the comments section below.


More about the topics: Cybersecurity