
Know Your Enemy: How Cyber Criminals Are Crafting Phishing Campaigns

Phishing remains the primary form of attack for cyber criminals, and SMEs are still falling for it.

More and more organisations are moving their email and documents to Microsoft Office 365 and cyber criminals are targeting them using ever more sophisticated techniques. Once the criminals have captured Office 365 credentials, they are only just starting out on their road to victory, which is ultimately financial gain.

Contrary to popular belief, the cyber criminals who are creating such campaigns aren’t necessarily technically adept. Using free software, anyone can craft a phishing campaign targeting organisations with the goal of stealing valid Office 365 credentials.

Understand the simple method behind these campaigns and you’ll know what to watch out for, as well as get ideas on how to better protect your business.

How cyber criminals craft phishing campaigns

1. They register a domain that looks like their target

Typically, they’ll do this well in advance as some email protection systems will block newly registered domains. A common choice for domains is to register the equivalent .uk domain. For example, becomes – simple.

2. They harvest email addresses

Cyber criminals find the email addresses of their targets using free tools, searching LinkedIn or even the webpages of their target.

3. They create a landing page that looks like the Microsoft Office 365 login page

This is the destination page, hosted on the domain they created.

4. They download and install phishing software

5. They upload the harvested email addresses to the software

6. They create an authentic-looking email, containing a link to the landing page

It’s usually personal and time bound. For example, an email from HR stating that you’ve used all your holidays and to “download” your record within the next 24 hours.

7. They schedule the email, usually for a time when users are most vulnerable

The end of the working day is a typical time, as most users will be thinking about leaving and will not realise it’s a phishing email.

8. They wait for unsuspecting users to enter their credentials

9. They check results on their phishing software

10. They log in to Office 365 as the user and start emailing the user's contact list with another phishing email to steal those contacts' credentials

Now that the criminal is sending emails from a genuine email account, it’s unlikely the recipients will suspect malpractice. Next they’re likely to target someone in finance with access to invoices and bank account details.

Protecting your business

Key to protecting your business is educating your users on what to expect from phishing campaigns, including some of the points mentioned above, such as domain names that look similar to your own, emails putting pressure on you to click links and suspect emails at the end of the working day.
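The three warning signs named above (a sender domain that resembles your own, pressure to click a link, and arrival at the end of the working day) can also be checked mechanically on inbound mail. The Python sketch below is an added example, not part of the original article; the domain `example.co.uk`, the suffix list, the urgency phrases and the 16:00 to 18:59 window are constructed assumptions.

```python
from datetime import datetime
from difflib import SequenceMatcher

# All values below are constructed assumptions for illustration.
OWN_DOMAIN = "example.co.uk"
SUFFIXES = ("org.uk", "co.uk", "com", "net", "org", "uk")  # longest first
URGENCY = ("within the next 24 hours", "immediately", "urgent", "expires today")
DAY_END_HOURS = range(16, 19)  # 16:00 to 18:59 local time

def org_label(domain):
    """Return the organisation label: 'mail.example.co.uk' -> 'example'."""
    domain = domain.lower().rstrip(".")
    for suffix in SUFFIXES:
        if domain.endswith("." + suffix):
            domain = domain[: -len(suffix) - 1]
            break
    return domain.split(".")[-1]

def is_lookalike(sender_domain, own_domain=OWN_DOMAIN):
    """True for a foreign domain whose label equals or nearly equals ours."""
    sender_domain = sender_domain.lower().rstrip(".")
    if sender_domain == own_domain or sender_domain.endswith("." + own_domain):
        return False  # our own domain or one of its subdomains
    ratio = SequenceMatcher(None, org_label(sender_domain), org_label(own_domain)).ratio()
    return ratio >= 0.8

def phishing_indicators(sender, body, sent_at):
    """List which of the article's warning signs a message matches."""
    text = body.lower()
    hits = []
    if is_lookalike(sender.rsplit("@", 1)[-1]):
        hits.append("lookalike-domain")
    if any(p in text for p in URGENCY) and ("http://" in text or "https://" in text):
        hits.append("pressure-to-click")
    if sent_at.hour in DAY_END_HOURS:
        hits.append("end-of-day")
    return hits

# Constructed sample messages: (sender, body, time sent).
SAMPLES = [
    ("hr@example.uk", "You have used all your holidays. Download your record "
     "within the next 24 hours: https://example.uk/login", datetime(2024, 5, 3, 16, 55)),
    ("hr@example.co.uk", "Reminder: the holiday calendar is on the intranet.",
     datetime(2024, 5, 3, 10, 0)),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], phishing_indicators(*sample))
```

In production, the short suffix list would be replaced by the Public Suffix List, and the indicators would feed a mail filter's scoring rather than act as a verdict on their own.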

It’s also important to keep up to date with the latest cyber security strategies in an ever-evolving threat landscape. While everyone in the business plays a part in maintaining security, it’s the IT department and senior leadership that pick up the bulk of responsibility and will have to repair the damage when phishing attacks strike successfully.

Want to learn more about protecting your business, particularly from user error? Watch my on-demand webinar, part of our free TransformIT webinar series.