IT Solutions

Microsoft 365 Admin User Phishing Threats

Articles
July 26, 2019

Compromising an employee’s email account can be a win for any hacker, but gaining access to a domain administrator’s account is like getting the keys to the castle.

In an attempt to gain access to your Office 365 admin portal, phishers are now sending fake O365 alerts to IT professionals. These email alerts are typically about time-sensitive issues that require immediate attention, such as a problem with the mail service or the discovery of an unauthorized user.

Office 365 Admin Phishing Emails

A recent example of an Office 365 admin alert claims that your company’s licensing has expired. The email then tells the user to log in to the Office 365 Admin Center in order to check their payment information.

Another recent Office 365 phishing email targeting administrators sends an alert that someone has gained access to one of their user’s email accounts. It then prompts the admin to “Investigate” the issue by logging in.

As expected, when the link in these emails is clicked the user is taken to a fake landing page asking them to enter their Microsoft login credentials. Hosting the page on Azure under a windows.net domain is an attempt to add legitimacy and disguise the attack.

To make it more convincing, these phishing landing pages appear to be hosted on Azure using a security certificate from Microsoft as shown below.

If the admin falls for this scam and enters their credentials on the page, the hacker could gain access to the Office 365 admin portal. The amount of damage that could be done with this level of access could be devastating.

Nobody falls for these scams, right?

You may be saying to yourself that no IT admin would fall for these scams. And while we agree that most trained IT professionals know better, there are many situations where this phishing scam does in fact work.

Many network and email admins, especially in small businesses, were not properly trained to be IT Admins and possibly were placed into these positions because the company did not have a dedicated IT resource. Likewise, another common scenario we’ve seen is that some organizations give administrative access to users that simply do not need it, which creates more opportunity for compromise.

So what can be done?

  • Get the help that you need. If you feel that your internal staff is not up to date on the cybersecurity threats out there, partner with an IT support company like IT Solutions that can help fill in the gaps as needed.
  • Follow security best practices by setting up your environment with multiple levels of security in place, even if that means utilizing third-party tools, including two-factor authentication.
  • Limit users’ access to only the areas of the network they need to perform their daily job duties. This limits the damage an inexperienced user can do by making a mistake such as giving up admin credentials.
  • Customize your Office 365 login page with your logo so that a login page without it stands out as a fake.
  • Education is power. Conduct ongoing user trainings, including routine end-user phishing tests.
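The two bullets on two-factor authentication and limiting access come down to one question an admin can answer from the tenant: who actually holds an administrator role, and which of those accounts still sign in with a password alone? The PowerShell below is an added example written for this article, not code from IT Solutions or Microsoft. It assumes the MSOnline module is installed and that the signed-in account can read directory roles; the role and user names it prints are whatever your tenant contains.

```powershell
# Added example (not from the original article): list every Office 365 admin
# role holder and whether per-user MFA is enabled on that account.
# Assumes the MSOnline module is installed and the caller can read directory roles.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in to the tenant

$report = foreach ($role in Get-MsolRole) {
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId
    foreach ($m in $members) {
        # Only user accounts can be phished for a password; skip groups and service principals
        if ($m.RoleMemberType -ne 'User') { continue }

        $user = Get-MsolUser -UserPrincipalName $m.EmailAddress

        # StrongAuthenticationRequirements is empty unless per-user MFA is Enabled or Enforced
        $mfaState = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $user.StrongAuthenticationRequirements[0].State
        } else {
            'Disabled'
        }

        [PSCustomObject]@{
            Role     = $role.Name
            User     = $m.EmailAddress
            MfaState = $mfaState
        }
    }
}

# Full picture of who has elevated access
$report | Sort-Object Role, User | Format-Table -AutoSize

# The accounts a fake admin-alert email would hurt most: admins still protected by a password only
$report | Where-Object { $_.MfaState -eq 'Disabled' } | Format-Table -AutoSize
```

Two things to keep in mind when reading the output. Every role that appears, not only Global Administrator, is worth reviewing against the "do they need it for their daily duties" test from the list above. And the MFA column reflects only per-user MFA; if your tenant enforces MFA through Conditional Access instead, those users will still show as Disabled here, so check the policy assignments separately before concluding an admin is unprotected.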

If you believe your Office 365 environment is missing key security components or could be better configured, contact us today to discuss our Office 365 management and support options. We have a team of Microsoft cloud experts and offer a few levels of support depending on your business needs.

Looking to make the most of your Office 365 investment? Check out our Modern Workplace Solutions page to learn about some of the tools that you may already have access to with your O365 software subscription. 
