Do not under any circumstances do as this email says – “Extraordinary number of victims”

The Cybersecurity Center warns of a wave of data breaches targeting the Microsoft 365 accounts of companies and organizations. The scam spreads more widely through the victims who fall for it.

Finnish Transport and Communications Agency Traficom’s Cybersecurity Center says it has received contacts from dozens of Finnish companies and organizations about hacked Microsoft 365 accounts and phishing messages sent from them.

With the help of data breaches, the hacker has gained access to the accounts and their e-mails. However, there are no known cases in which a hacker managed to advance inside the organization’s system.

The phishing campaign spreads from one organization to another with the help of contact lists of compromised user accounts.

An extraordinary number of victims

Criminals are fishing for Microsoft 365 environment passwords with fake emails. According to the Cybersecurity Center, the recurring security mail theme in fishing has been able to increase the credibility of the messages.

– There are now an extraordinary number of victims, it says in the announcement.

An example of a secure mail phishing message published by the Cybersecurity Agency. In several cases, the logo of the hacked organization has been added to the messages. Cyber ​​Security Center

The so-called secure mail messages normally have a link to the secure mail server. However, a credible-looking link in fishing messages has led to a page controlled by criminals.

In some cases, the link has been in a PDF file attached to the message.

– The attached files we have examined have been harmless, but the link in them should not be clicked.

Genuine security mail does not ask for the username and password of the Microsoft 365 account when opening it. However, messages forged by criminals often redirect to the page where they are requested.

The Cybersecurity Center reminds that if you suspect the authenticity of a message, you should check it using another communication channel, such as calling the sender.

Source: Cyber ​​Security Center

ttn-54