The Ultimate Insiders Are Malicious Office 365 Apps
Phishers posing as Microsoft Office 365 customers are gradually using specialised links that redirect users to their company's own email login page. When a user logs in Office 365, the connection directs them to download a harmful yet harmless-sounding software that grants the intruder permanent, password-free access to all of the user's emails and data, which are then used to spread ransomware and phishing scams to others. These attacks start with an emailed connection that, when clicked, takes the consumer to their real Office 365 login page, if it's at microsoft.com or their company's domain. After signing in, the user can be presented with a prompt that looks like this: The Ultimate Insiders Are Malicious Office 365 Apps Since they are accepted by the user after the user has already signed in, these malicious apps enable attackers to circumvent multi-factor authentication. The applications would still remain in a user's Office 365 account fo...