More and more organisations are moving their email and documents to Microsoft Office 365, and cyber criminals are targeting them with ever more sophisticated techniques. Capturing Office 365 credentials is only the criminals' first step; the end goal is financial gain.
Contrary to popular belief, the cyber criminals who are creating such campaigns aren’t necessarily technically adept. Using free software, anyone can craft a phishing campaign targeting organisations with the goal of stealing valid Office 365 credentials.
Understand the simple method behind these campaigns and you’ll know what to watch out for, as well as get ideas on how to better protect your business.
How cyber criminals craft phishing campaigns
- 1. THEY REGISTER A DOMAIN THAT LOOKS LIKE THEIR TARGET – Typically, they’ll do this well in advance as some email protection systems will block newly registered domains. A common choice for .co.uk domains is to register the equivalent .uk domain. For example, node4.co.uk becomes node4co.uk – simple.
- 2. THEY HARVEST EMAIL ADDRESSES – Cyber criminals find the email addresses of their targets using free tools, searching LinkedIn or even the webpages of their target.
- 3. THEY CREATE A LANDING PAGE THAT LOOKS LIKE THE OFFICE 365 LOGIN PAGE – A copy of the genuine sign-in page, hosted on the look-alike domain, so that whatever the user types into it is sent to the criminals rather than to Microsoft.
- 4. THEY DOWNLOAD AND INSTALL PHISHING SOFTWARE
- 5. THEY UPLOAD THE HARVESTED EMAIL ADDRESSES TO THE SOFTWARE
- 6. THEY CREATE AN AUTHENTIC-LOOKING EMAIL, CONTAINING A LINK TO THE LANDING PAGE – It’s usually personal and time bound. For example, an email from HR stating that you’ve used all your holidays and to “download” your record within the next 24 hours.
- 7. THEY SCHEDULE THE EMAIL, USUALLY FOR A TIME WHEN USERS ARE MOST VULNERABLE – The end of the working day is a typical time, as most users will be thinking about leaving and will not realise it’s a phishing email.
- 8. THEY WAIT FOR UNSUSPECTING USERS TO ENTER THEIR DETAILS
- 9. THEY CHECK RESULTS ON THEIR PHISHING SOFTWARE
- 10. THEY LOG IN TO O365 AS THE USER AND START EMAILING THEIR CONTACT LIST WITH ANOTHER PHISHING EMAIL TO STEAL THEIR CREDENTIALS – Now that the criminal is sending emails from a genuine email account, it’s unlikely the recipients will suspect anything. Next they’re likely to target someone in finance with access to invoices and bank account details.
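Step 1 above is the easiest part of the recipe to detect mechanically: a sender domain that differs from your own only by a dropped dot, an inserted hyphen, a digit swapped for a letter, or a different suffix is almost never legitimate. The script below is an added example written for this page, not code from the original post or from Node4. It takes the page's own node4.co.uk / node4co.uk example as the protected domain, uses a deliberately short public-suffix list and a small digit-for-letter confusables table (both assumptions; a real deployment would use the full Public Suffix List and a fuller confusables map), and runs over a handful of constructed sender addresses rather than real mail traffic. It also generates the "dropped dot" variants of your own domain so you can register or watch them before a criminal does.

```python
import re
from difflib import SequenceMatcher

# Hypothetical protected domain, taken from the page's own look-alike example.
ORG_DOMAIN = "node4.co.uk"

# Short public-suffix list for the example (assumption; use the real Public
# Suffix List in production).
PUBLIC_SUFFIXES = ("co.uk", "org.uk", "ac.uk", "com", "org", "net", "uk")

# Digits commonly swapped in for look-alike letters (assumption; extend as needed).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed sample sender addresses, not real mail traffic.
SAMPLE_SENDERS = [
    "hr@node4.co.uk",          # genuine
    "hr@node4co.uk",           # dropped dot, the trick described in step 1
    "payroll@node-4.co.uk",    # inserted hyphen
    "helpdesk@n0de4.co.uk",    # zero for the letter o
    "it@node4.com",            # same label, different suffix
    "newsletter@example.org",  # unrelated
]


def split_domain(domain):
    """Split 'node4.co.uk' into ('node4', 'co.uk') using the suffix list."""
    domain = domain.lower().rstrip(".")
    for suffix in sorted(PUBLIC_SUFFIXES, key=len, reverse=True):
        if domain.endswith("." + suffix):
            return domain[: -(len(suffix) + 1)], suffix
    label, _, suffix = domain.rpartition(".")  # unknown suffix: last label
    return label, suffix


def normalise(text):
    """Drop dots and hyphens and fold confusable digits, so node-4 and n0de4 read as node4."""
    return re.sub(r"[^a-z0-9]", "", text.lower()).translate(CONFUSABLES)


def classify(sender_domain, org_domain=ORG_DOMAIN):
    """Return a verdict for one sender domain measured against the protected domain."""
    sender_domain = sender_domain.lower()
    if sender_domain == org_domain.lower():
        return "own-domain"
    # Whole string matches once dots, hyphens and digit swaps are removed
    # (node4.co.uk vs node4co.uk, node-4.co.uk, n0de4.co.uk).
    if normalise(sender_domain) == normalise(org_domain):
        return "lookalike:dot-hyphen-or-confusable"
    s_label, s_suffix = split_domain(sender_domain)
    o_label, o_suffix = split_domain(org_domain)
    if normalise(s_label) == normalise(o_label) and s_suffix != o_suffix:
        return "lookalike:different-suffix"
    # Typo-squats such as nodee4.co.uk: labels that are nearly, but not quite, the same.
    if SequenceMatcher(None, normalise(s_label), normalise(o_label)).ratio() >= 0.8:
        return "lookalike:near-miss"
    return "unrelated"


def scan(senders, org_domain=ORG_DOMAIN):
    """Classify the domain part of each address; returns {address: verdict}."""
    results = {}
    for address in senders:
        _, _, domain = address.rpartition("@")
        results[address] = classify(domain, org_domain)
    return results


def dot_drop_variants(org_domain):
    """Every domain made by removing one dot, e.g. node4.co.uk -> node4co.uk, node4.couk.
    These are the names worth registering or watching before an attacker does."""
    parts = org_domain.lower().split(".")
    variants = set()
    for i in range(1, len(parts)):
        merged = parts[: i - 1] + [parts[i - 1] + parts[i]] + parts[i + 1:]
        variants.add(".".join(merged))
    return variants


if __name__ == "__main__":
    for address, verdict in scan(SAMPLE_SENDERS).items():
        print(f"{verdict:36} {address}")
    print("watch-list:", sorted(dot_drop_variants(ORG_DOMAIN)))
```

Run it as a mail-flow or SIEM enrichment: anything returning a `lookalike:` verdict from an external sender is worth quarantining or at least tagging with a banner, and the `dot_drop_variants` output is a cheap list to hand to whoever manages your domain registrations. The genuine domain returns `own-domain`, so internal mail is not flagged.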
Protecting your business
Key to protecting your business is educating your users on what to expect from phishing campaigns, including some of the points mentioned above, such as domain names that look similar to your own, emails putting pressure on you to click links and suspect emails at the end of the working day.
It’s also important to keep up to date with the latest cyber security strategies in an ever-evolving threat landscape. While everyone in the business plays a part in maintaining security, it’s the IT department and senior leadership that pick up the bulk of responsibility and will have to repair the damage when phishing attacks strike successfully.
Want to learn more? Click here to visit our Cybersecurity hub for resources, guides and blogs to help consolidate cybersecurity awareness across your workforce.