Phishing attacks are getting more sophisticated every day. A new threat that is targeting Office 365 users is called Blob Storage Phishing. Hackers send emails that look real and that contain a link requesting users to log into their Microsoft 365 accounts to update their information. The link takes users to a Microsoft landing page that looks legitimate. Hackers can then steal a user’s passwords from the form he or she fills out. The fact that perpetrators are using windows subdomains makes these landing pages look more believable.
The image above is the landing page of an attack if it were sent to a user in an email. The URL looks more authentic than most attacks because the domain is real, and it has the word “windows” in it. The domain is also SSL protected, making it seem more convincing. Luckily, there are a few ways to stop these attacks before they happen. Here’s how:
Custom Inbox Rules
1) If you have access to the Exchange Admin Center, there is a rule you can add so that you are notified if one of these fake emails enters your domain. You can go to mail flow and add a new rule.
This rule can notify your IT team if someone’s email contains a false link. The IT team will have to approve the email before forwarding it on to the recipient.
2) The other rule you may add is spoof protection, which will protect you from receiving an email that comes from outside of your organization, even if it looks like it has your domain.
If you are the end user and have received an email with the link web.core.windows.net, please let your IT staff know. The way to see a link before clicking it is to mouse over the link and read the path it will send you to before clicking.
Remember that official Microsoft pages will be hosted on microsoft.com, live.com, or outlook.com. As always, you want to be cautious of any email, regardless of URL, when it asks you to sign in with your credentials.
Anthony has been in the MSP business since before the acronym existed. Managed IT once started as break-fix solutions and some light phone support.
Since then, he has seen the industry flourish into a landscape of platforms, cloud servers, software tools and AI . Tailoring network configurations and software stacks to the specific needs of each business.
In his current role, he focuses on proactive planning, ensuring clients can avoid potential issues altogether. This involves meticulous planning for enhanced business continuity, allowing swift resolution of any unforeseen challenges. What initially began as addressing "fires" through break-fix solutions has evolved into a proactive approach, ensuring that such issues are prevented from arising in the first place.
