Reply to post: Same for Phishing Attacks

Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse

beekir

Same for Phishing Attacks

Some of the more dangerous phishing attacks I've seen include a fake Office 365 login form (an HTML document) hosted at Live.com or OneDrive.com.

Employees see the perfectly duplicated sign-in form, and when they double-check the browser bar they see the TLS lock symbol with a certificate for Microsoft Corporation.

It's a series of failures at every layer: poor spam filters allow emails that look an awful lot like they are from Microsoft, which link to a ubiquitous (but faked) sign-on screen, hosted on servers that are certified as Microsoft. It goes even further if your admins added either site to the Trusted Domains list.

I loudly protest at the claim that Office 365 is more secure than its on-premises predecessors.


Biting the hand that feeds IT © 1998–2022