Menu
Alert NZ service provider heads off Office 365 compromise

Alert NZ service provider heads off Office 365 compromise

Phishing attack foiled when service provider notices increased outbound mail

CERT NZ has released its first quarterly report of 2019.

CERT NZ has released its first quarterly report of 2019.

New Zealand's cyber security watchdog is reporting that an alert but unnamed IT service provider delivered sterling service to a business customer whose Office 365 account was compromised.

The attacker used the account to send thousands of phishing emails to the business’ clients, the Computer Emergency Response Team (CERT) said in its first quarterly report of 2019.

The compromised account belonged to an employee of the business, who had a large contact list. The attacker used their account to email their contacts a link to a document on a file hosting service, Microsoft OneDrive. 

If the recipient clicked on the link, they were taken to a legitimate-looking OneDrive login page asking them to enter their username and password.

"The page was fake and for every recipient who entered their username and password, the attacker was able to access their email account as well," CERT said.

"The scam went undetected for many recipients who clicked on the link and entered their details as it seemed like a regular download process.

The IT service provider noticed an unusually high volume of emails being sent and reported the attack to CERT.

"CERT NZ worked with the IT service provider and the business to alert those on the contact list, help the business secure their account, and prevent the attackers from sending further emails. 

"CERT NZ recommended the business set up two-factor authentication on their email and cloud service accounts to help prevent future compromise."

CERT NZ said it also received reports from the recipients of the phishing email who had followed the link and entered their username and password. It also provided them with assistance to help secure their accounts.

By helping to minimise the financial impact to the email recipients, CERT said it helped mitigate any potential negative impact on their reputation.

CERT said its counterpart organisation NCSC UK has produced an Office 365 guide, available on their website.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags phishingOffice 365CERT NZ

Featured

Slideshows

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Reseller News has honoured the leading female front runners of the New Zealand ICT industry at the 2019 Women in ICT Awards (WIICTA) in Auckland. The awards recognised standout individuals across six categories, spanning Entrepreneur, Rising Star, Shining Star, Community, Technical and Achievement. Photos by Gino Demeer.

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA
Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Show Comments