Front Page: NCSC-FI

Information security now!

Persistent phishing and theft of Microsoft Office 365 credentials affects many organisations in Finland. To help organisations combat this threat and protect themselves against it, we have compiled a comprehensive guide: Protection against Microsoft Office 365 credential phishing and data breaches. The guide is aimed at those responsible for IT administration and information security in organisations, as well as corporate management and data protection officers.

Cybercriminals are behind Office 365 phishing. At its simplest, phishing happens by e-mail: the cybercriminal sends a phishing message to as many recipients as possible. It is very likely that one of the thousands of recipients of the scam message is fooled and enters his or her credentials. Phishing can also be targeted, in which case the attacker is after, for example, administrator credentials, with which the attacker can do extensive damage.

It is very difficult to stop phishing messages from arriving, but their effects can be significantly limited or, with protective measures, even prevented entirely. Key protective factors include, among other things, layered defences, log monitoring, control of terminal devices and staff training.

How to protect oneself against Office 365 phishing?

If a phishing message is identified in time, the scam remains a mere attempt and the cybercriminal does not obtain, among other things, valuable credentials. Office 365 and other Microsoft services include various service and licence options that make it possible to protect against phishing.

Regardless of the service that is used, the following protection measures are suitable for each organisation:

  • Enable modern authentication and make it mandatory.
  • Enable multi-factor authentication (MFA).
  • Ensure the quality, the quantity and a sufficient retention period of logs.
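The three measures above are verified against the same data source: the sign-in logs. Before modern authentication and MFA are made mandatory, an administrator needs to know which accounts still sign in over legacy protocols or without a second factor, and afterwards the same check confirms that the enforcement holds. The following script is an example added here to illustrate that check; it is not code from NCSC-FI or from the guide. The record shape (userPrincipalName, clientAppUsed, authenticationRequirement, status.errorCode) is an assumption based on the fields of the Microsoft Graph signIn resource, and the sample records are constructed.

```python
"""Triage sign-in records for legacy authentication and sign-ins without MFA.

Added example, not NCSC-FI or guide code.  Field names follow the Microsoft
Graph signIn resource (an assumption); the records below are constructed.
"""
import json
from collections import defaultdict

# Client types that are only usable with modern authentication.  Any other
# clientAppUsed value (IMAP4, POP3, Authenticated SMTP, "Other clients", ...)
# is treated here as legacy authentication, which cannot be protected by MFA.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real log data; example.invalid and the
# documentation IP ranges are placeholders).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "anna@example.invalid", "clientAppUsed": "Browser",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}, "ipAddress": "192.0.2.10"},
    {"userPrincipalName": "anna@example.invalid", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}, "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "bob@example.invalid", "clientAppUsed": "Authenticated SMTP",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126}, "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "carol@example.invalid",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}, "ipAddress": "192.0.2.11"},
]


def load_signins(json_text):
    """Accept a plain JSON list of records or a Graph-style object whose
    records sit under "value", as the signIns endpoint returns them."""
    data = json.loads(json_text)
    if isinstance(data, dict):
        data = data.get("value", [])
    return list(data)


def is_legacy_auth(record):
    """True when the client type is not one of the modern-auth clients."""
    return record.get("clientAppUsed") not in MODERN_CLIENTS


def is_successful(record):
    """A zero errorCode means the sign-in succeeded; anything else failed."""
    return record.get("status", {}).get("errorCode", 1) == 0


def triage(records):
    """Summarise per user: legacy protocols seen, successful sign-ins that were
    not protected by MFA, and failed attempts."""
    findings = defaultdict(lambda: {"legacy_protocols": set(),
                                    "single_factor_success": 0,
                                    "failed": 0})
    for rec in records:
        entry = findings[rec.get("userPrincipalName", "<unknown>")]
        if is_legacy_auth(rec):
            # Count legacy protocol use whether or not the attempt succeeded:
            # any traffic on these endpoints shows the door is still open.
            entry["legacy_protocols"].add(rec.get("clientAppUsed", "<unknown>"))
        if not is_successful(rec):
            entry["failed"] += 1
            continue
        if rec.get("authenticationRequirement") != "multiFactorAuthentication":
            entry["single_factor_success"] += 1
    return dict(findings)


def accounts_needing_action(findings):
    """Users who still reach the tenant over legacy protocols or without MFA."""
    return sorted(user for user, f in findings.items()
                  if f["legacy_protocols"] or f["single_factor_success"])


if __name__ == "__main__":
    report = triage(SAMPLE_SIGNINS)
    for user in accounts_needing_action(report):
        f = report[user]
        print(f"{user}: legacy={sorted(f['legacy_protocols'])} "
              f"single_factor_success={f['single_factor_success']} "
              f"failed={f['failed']}")
```

On the constructed sample the script flags anna (a successful IMAP4 sign-in with a single factor) and bob (a failed attempt over Authenticated SMTP), while carol, who used a modern client with MFA, is clean. Run against a real export of the tenant's sign-in logs, the same output tells an administrator which accounts and protocols must be migrated before legacy authentication is switched off, and later whether anything still gets through. It also shows why the third measure matters: the check is only as good as the period the logs cover, so they must be exported and retained long enough to look back at the time a breach is suspected to have started.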

It is advisable that the organisation’s entire staff familiarises itself with chapters 3 and 4 of our guide, which contain the key instructions for protection and advice on what to do if damage has already been done. It is important that everyone internalises the principles relating to, among other things, notifying the authorities and reporting phishing.

Protection in advance is the best way, but accidents happen to everyone

Attack attempts are ongoing. We learn of several new Office 365 account breaches every week.

After a scam has succeeded, there is no need to be ashamed or to bury one’s head in the sand; instead, it pays to come forward and go through the case properly. A notification made at an early stage can protect other potential victims.

Notify the authorities as early as possible, even if the information at hand is incomplete. By also notifying the NCSC-FI, you help us get phishing sites removed from the internet, warn other victims and monitor the technical development of the phenomenon.

A specific tip for using the guide

In the latter part of the guide there is a table that summarises the threats related to Office 365 phishing and the means of limiting them. The rows of the table list the individual protection measures under top-level threats. The columns show, for each service, the measures or means available for protecting against those threats.

The table covers the licence levels of both the Office 365 service and the Azure AD service that are widely used in Finland.

From the table one can check which means of protection are available with the licences already in use, and then consider whether different users’ licence levels need to be changed.

The table is not a comprehensive matrix of how the services are composed, and some additional functionality is available at certain licence levels without actually upgrading the licence to the next level.