Summary Bullets:

• Cybersecurity vendor Proofpoint flagged a hacking operation in November in which cybercriminals are employing phishing bait inside shared Office 365 documents to steal credentials.

• Hackers have targeted end users in a spectrum of corporate roles in multiple organizations with titles ranging from account managers and sales directors to CFOs and CEOs.

The Cloud Security Response team at security vendor Proofpoint issued an alert this week about an ongoing phishing campaign involving Office 365 apps that the organization first uncovered in November. Hackers have been threading together credential phishing and account takeover tactics to gain access to enterprise resources. So far, dozens of organizations and hundreds of users have been hit. One method these bad actors are using is to insert links that direct targeted users to click on to view a document. The links then route the users a harmful phishing web page. Continue reading “Hackers Take Aim at Microsoft 365 Users with Targeted Phishing Campaign” →