There’s a new phishing scam that even has Microsoft on alert. In a phishing scam, cybercriminals trick you into visiting a fake login page and then use your login information to try to access other websites.
In this case, the login they are really after is cloud services like OneDrive, DropBox, and SharePoint. These cybercriminals will even try to get your login information off the dark web (black market of the internet).
Why? What’s the point?
Let’s say they log in to your coworker’s OneDrive account. They upload a file that looks just like an authentic Microsoft login page. Then, share it across your company, posing as them. You get the email. You know this person because you’ve shared files before. And before you know it… you’ve shared your login details.
Apple is even battling something like this within iMessage. Where a text acts like an official Apple alert, making you believe that your Apple account is about to be deactivated. It looks real, right?… and then you’ve shared your login details.
Are you seeing the theme?
Opening these files, email attachments, or clicking any link… can cause serious damage to your business.
It took one medical worker in Lake City to cause a breach in security that led to ransomware being deployed across the entire hospital. Taxpayers ended up paying the hefty $500,000 ransom.
It goes without saying that these kinds of attacks, if successful, can be both costly and time-consuming. Not to mention how it can hurt your business’s reputation.
So if something feels off, go to the source and check with the sender. If it’s an email from Facebook saying you need to click a link in the email to change your password. Go instead to Facebook directly (without clicking the link) and reset your password from there.
But…. what can you do to really make sure this doesn’t happen? Turn on MFA, also known as multi-factor or two-step authentication. It’s the annoying text you get with a number you need to punch in. So even if someone had your login information, they would get stopped because they didn’t have that MFA code.
Also, keep your computer, phone, and tablet up to date with any update that pops up.
If you need help dealing with all of these risks, then let me know. Our team would be happy to talk with you.