New Zealand's cyber security watchdog is reporting that an alert but unnamed IT service provider delivered sterling service to a business customer whose Office 365 account was compromised.
The attacker used the account to send thousands of phishing emails to the business's clients, the Computer Emergency Response Team (CERT) said in its first quarterly report of 2019.
The compromised account belonged to an employee of the business, who had a large contact list. The attacker used their account to email their contacts a link to a document on a file hosting service, Microsoft OneDrive.
If the recipient clicked on the link, they were taken to a legitimate-looking OneDrive login page asking them to enter their username and password.
"The page was fake and for every recipient who entered their username and password, the attacker was able to access their email account as well," CERT said.
"The scam went undetected for many recipients who clicked on the link and entered their details as it seemed like a regular download process.
"The IT service provider noticed an unusually high volume of emails being sent and reported the attack to CERT.
"CERT NZ worked with the IT service provider and the business to alert those on the contact list, help the business secure their account, and prevent the attackers from sending further emails.
"CERT NZ recommended the business set up two-factor authentication on their email and cloud service accounts to help prevent future compromise."
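The signal that tipped off the IT service provider was a sudden jump in one mailbox's outbound volume. As an added example that is not part of the CERT NZ report or this article, the script below runs that check over constructed message-trace rows (the sender names, hours and counts are assumptions) and flags any account whose hourly send count exceeds both ten times its own earlier median and an absolute floor, so a normally quiet mailbox sending a few extra mails is not reported.

```python
"""Flag mailboxes whose hourly outbound volume jumps far above their own baseline."""
from collections import defaultdict
from statistics import median

# Constructed sample message-trace rows: (sender, recipient, send hour "YYYY-MM-DDTHH").
# Senders, recipients and counts are assumptions for this example, not CERT NZ data.
def _burst(sender, hour, n):
    return [(sender, f"client{i}@partner.example", hour) for i in range(n)]

SAMPLE_TRACE = (
    _burst("alice@example.co.nz", "2019-02-04T09", 6)
    + _burst("alice@example.co.nz", "2019-02-04T10", 4)
    + _burst("alice@example.co.nz", "2019-02-04T11", 5)
    + _burst("alice@example.co.nz", "2019-02-04T12", 480)  # hijacked account starts mass mailing
    + _burst("bob@example.co.nz", "2019-02-04T09", 3)
    + _burst("bob@example.co.nz", "2019-02-04T10", 2)
    + _burst("bob@example.co.nz", "2019-02-04T11", 9)     # busy but normal hour, must not alert
    + _burst("bob@example.co.nz", "2019-02-04T12", 4)
)


def hourly_counts(trace):
    """Return {sender: {hour: number of messages sent in that hour}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for sender, _recipient, hour in trace:
        counts[sender][hour] += 1
    return counts


def find_volume_spikes(trace, factor=10, min_messages=100):
    """Return [(sender, hour, count, baseline)] for every hour in which a sender's
    outbound count is at least `min_messages` and more than `factor` times the
    median of that sender's earlier hourly counts (its own baseline)."""
    alerts = []
    for sender, by_hour in hourly_counts(trace).items():
        hours = sorted(by_hour)
        for i, hour in enumerate(hours[1:], start=1):
            baseline = median(by_hour[h] for h in hours[:i])  # earlier hours only
            count = by_hour[hour]
            if count >= min_messages and count > factor * baseline:
                alerts.append((sender, hour, count, baseline))
    return alerts


if __name__ == "__main__":
    for sender, hour, count, baseline in find_volume_spikes(SAMPLE_TRACE):
        print(f"ALERT {sender} sent {count} messages in {hour} (baseline {baseline}/hour)")
```

In a real deployment the rows would come from the tenant's message trace or mail gateway logs, and the alert is a prompt to check the account for unauthorised sign-ins and reset its credentials.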
CERT NZ said it also received reports from the recipients of the phishing email who had followed the link and entered their username and password. It also provided them with assistance to help secure their accounts.
CERT said that by helping to minimise the financial impact on the email recipients, it also helped mitigate any potential negative impact on their reputation.
CERT said its counterpart organisation, NCSC UK, has produced an Office 365 guide, available on its website.