[header2 text=”We’ve seen this several times in the last few weeks” align=”left” color=”#336A40″ margintop=””]
A classic phishing technique has been updated and is reaping rewards for hackers.
Delivery is by email or web popup. You are asked to take a survey (often for the chance to win something) or invited to sign in to download a file. Next you are prompted to enter a login or password to prove your identity. They ask you to enter your Facebook, Dropbox or Office 365 login details.
The hack is successful because a number of legitimate sites link to your Facebook account. But it is not common practice for sites to link to your Office 365 account. As people often use the same login and password on multiple sites, once they have your Facebook login they will immediately try access other sites like online retailers etc.
If you use your Office 365 login, they access your email and use that to spread ransomware to your contacts. Typically they will email everyone in your contacts. They then cover their tracks by deleting the emails from your sent items and set up a rule to delete any new incoming emails. We have seen this happen a couple of times in recent weeks. The most recent example was though a link inside a PDF, that took the user to a web site which asked for his Office 365 credentials.
This screen shot shows a survey prompt targeting a NZ ISP. After clicking ‘Accept’ you are taken to the login prompt.