The National Cyber Security Centre Finland (NCSC-FI) which acts as Finland's National Communications Security Authority published today a detailed guide on how to secure Microsoft Office 365 against data breaches and credential phishing. NCSC-FI's guide is focused on mitigating Microsoft Office 365 phishing which can lead to stolen credentials and to financial losses in the event of a successful Business Email Compromise (BEC) scam fraud that would use the stolen information. To put the seriousness of BEC attacks into perspective, FBI's Internet Crime Complaint Center (IC3) received victim complaints regarding 166,349 domestic and international incidents between June 2016 and July 2019, with a total exposed dollar loss of more than $26 billion according to a PSA issued on September 10. The same day, the U.S. Department of Justice (DoJ) said in a press release that 281 individuals were arrested over a four-month period in the U.S. and around the world as part of Operation reWired, a worldwide coordinated effort to disrupt BEC schemes. The first step to secure Office 365 against phishing and security breaches is to secure identities by customizing login pages to match the organization’s look, using hard to crack passwords, securing the local Active Directory, enabling modern authentication, blocking legacy email protocols without two-factor authentication (2FA) support, enabling 2FA, using conditional access, and carefully manage administrator roles. Next in line is securing Office 365 email accounts by securing email routing by rejecting emails that aren't sent over TLS and aren't sent by parties authenticated using certificates. Also, users should be secured against junk, malware, phishing emails, and zero-day attacks with the help of Office 365 Advanced Threat Protection (Office 365 ATP) via the ATP Safe Attachments, ATP Safe Links, and ATP Antiphishing features. To learn more and get the full guide to navigate to OUR FORUM.

Google Alerts is s useful service that allows you to receive emails or an updated RSS feed when new pages appear in the Google search index that is related to specified keywords you are following. Unfortunately, whenever there is a good thing, people try to take advantage of them to push users towards scams and malware. For those not familiar with this service, Google Alerts allows you to submit keywords that you wish to monitor. When new pages are found that match these keywords, depending on how you create the alert, Google will either send you an email or update an RSS feed. I have been using Google Alerts for many years in order to track various malware and security topics. Over the past year, if not longer, I have noticed a trend where bad actors are injecting malicious sites into the Google search index in order to have them also appear in Google Alerts being sent to users. When a user clicks on one of these alerts, they will then be sent to a page that then redirects them through a series of other pages until they finally land at a fake giveaway page, tech support scam, unwanted extension, or malware installers. To get malicious links into Google Alerts, bad actors will create spam pages with popular keywords and get them into the Google search index. For example, as we publish a lot of ransomware news, I have a Google Alert set up for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time. When the bad actors create these pages and get them into the Google index, an alert will be generated for anyone who wants to be notified about ransomware, decryptors, or the STOP ransomware. When a user clicks on a link through a Google Alert or via the Google search engine, instead of showing the web page shown earlier in the article, they will be redirected to a malicious site like the tech support scam shown below. Follow this by visiting OUR FORUM.