Clark Computer Services

Office 365 Phishing Attack

Chuck's Cyber Wall

Cybersecurity experts are seeing a significant rise in Office 365 Phishing Attacks, with a focus on executive accounts, small business owners, and office/practice managers.

Why this focus?

Every person they catch at this level opens the door to organization-wide Spear Phishing attacks where the attacker can use a compromised email account to assure victims that the phishing emails are legitimate and encourage them to fall for the scam. And because the vast majority of these attacks are automated, everyone is a target.


Let’s put this in perspective. According to the 2022 Cybersecurity Statistics, in 2021 Google registered over 2 million phishing websites, leading the 300% cybercrime increase in the USA. Phishing is the most significant cyber threat to big businesses, small businesses, and individuals. 36% of data breaches in 2021 involved phishing attacks, up from 25% in 2020. On top of this, 85% of phishing attacks involve brand impersonation.

Here are some other notable stats:

  • 95% of data breaches are caused by human error
  • Data breaches cost an average of $4.24 million
  • 97% of users are unable to recognize a sophisticated phishing email
  • 30% of phishing emails are opened, and 12% click on malicious links
  • 85% of all organizations in the world have been hit by a phishing attack at least once
  • Phishing attacks provide attackers with the access they need to launch ransomware attacks

Taking all of that into account, it’s easy to see why we all need to be concerned.



More and more organizations, especially small businesses, are moving to Office 365. Between their productivity (Word, Excel, etc.), document management (OneDrive, SharePoint, etc.), and communication (Outlook, Teams, etc.) software, Microsoft offers a suite of services at affordable prices that are tailored to fit many needs. Whether or not you are a fan of Microsoft, their business model is popular and effective.


The thing is, just like small business owners, hackers are looking for the biggest bang for their buck. A phishing website costs $3-$12 to put up. An email list can be purchased on the dark web for around $200. Phishing email build kits sell for around $50. They are spending money to make money, so it makes sense that they want to catch as many people as possible when they are ready to cast their net. Targeting Microsoft credentials provides them with information to sell – validated credentials fetch a high price on the dark web.

Typically, catching one person makes back the initial investment. But if that one person often sends emails that include attachments, such as PDFs, invoices, business quotes, etc., it opens the door to potentially hundreds or thousands of additional victims. And for attackers, that means more money!


Phishing attacks take many forms, from the simple to the complex. Some of the more successful are:

  • An emailed link claiming that Mary wants to share a file with you, which asks you to log in when you click on it – credentials stolen
  • A SharePoint link that takes you to a fake O365 login page when you click on it – credentials stolen
  • A pretend automated message saying that you missed a Teams chat, which asks you to log in when you click on it – credentials stolen
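
For mail administrators, a triage check built around the three lures above, as an added example that is not part of the original post: it holds a message when lure wording appears together with a link whose host is not one the organization expects for Microsoft 365. The host allow-list, the function names, and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this organisation expects for Microsoft 365 sign-in and sharing.
# Illustrative only; replace with the hosts your own tenant actually uses.
EXPECTED_HOST_SUFFIXES = ("login.microsoftonline.com", "sharepoint.com", "teams.microsoft.com")

# Wording modelled on the three lures described in the post.
LURE_PATTERNS = {
    "file_share": re.compile(r"\b(shared?|wants to share)\b.*\b(file|document)\b", re.I | re.S),
    "sharepoint": re.compile(r"\bsharepoint\b", re.I),
    "teams_missed": re.compile(r"\bmissed\b.*\bteams\b|\bteams\b.*\bmissed\b", re.I | re.S),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_expected(host):
    """True only for an exact match or a true subdomain of an expected host."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)

def triage(message_text):
    """Return the lures matched, the unexpected link hosts, and a hold decision."""
    lures = sorted(name for name, rx in LURE_PATTERNS.items() if rx.search(message_text))
    unexpected = []
    for url in URL_RE.findall(message_text):
        host = urlsplit(url).hostname or ""
        if host and not host_is_expected(host):
            unexpected.append(host)
    # Hold only when lure wording and an unexpected host occur together.
    return {"lures": lures, "unexpected_hosts": unexpected, "hold": bool(lures and unexpected)}

# Constructed sample messages (not real mail; .example hosts are reserved names).
SAMPLE_PHISH = ("Mary wants to share a file with you. Sign in to view it: "
                "https://sharepoint.com.files-portal.example/login")
SAMPLE_LEGIT = "Mary shared a document: https://contoso.sharepoint.com/sites/finance/budget.xlsx"
SAMPLE_TEAMS = "You missed a Teams chat. Log in to reply: http://teams-notify.example/chat"

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_LEGIT, SAMPLE_TEAMS):
        print(triage(sample))
```

The suffix comparison is what catches a host that merely begins with a trusted name, as in the first sample, while still accepting a real tenant subdomain in the second.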

And even if you are not currently a Microsoft user, attackers can still target you. Since Microsoft has such a visible name brand with many products and logos that are easy to imitate, we see lures that promise coupons, demos, special pricing, and other such offers. Clicking on them will almost certainly infect your device with malware, including keyloggers, ransomware, and tools that allow them to bypass security.


The single most effective tool against all kinds of phishing is Security Awareness Training! No matter how elaborate the phishing lure might be, there are always tells. Whether it is the email address, language used, format, a manufactured sense of urgency, or other such indicator, users who know what to look for are much less likely to fall for the scam. We discuss Phishing a great deal specifically for this reason.

And it’s working.

Almost 70% of users are actively aware of phishing attacks, and about 15% of them are reporting phishing attacks to their security teams. That is way up from 15% awareness and 1.2% reporting only three years ago.

The problem is that it only takes 1 person to click on a malicious link to expose credentials, infect a network with ransomware, or – worse – cause a data breach. For that reason, security professionals also recommend:

  • Activate 2FA (Two-Factor Authentication) on every account that supports it
  • Always use a passphrase instead of a password; they are longer and more secure
  • Run security updates as soon as they are available
  • Make sure your antivirus program is active and updated
  • Be suspicious of any requests for personal information
  • Don’t click on links; manually go to the website or make a phone call
  • Don’t get drawn in by demands for urgency; take a breath and check their legitimacy

With hackers growing more advanced, attacks are only going to increase in number and complexity. If you have a Microsoft account at home or work, you are a target. Of course, you are also a target if you use: Google, Amazon, Facebook, Netflix, Apple, any financial services, commerce services, educational services, government services – the list goes on and on and on.

So far as hackers are concerned, we are all targets, and awareness is the defense that is most likely to keep us safe.


Darren Clark

President and Owner

I left big business to start Clark Computer Services in 2003; not because I had a grand vision, but because I had three young children who needed their Dad around. Knowing I had to replace my salary, I went door-to-door visiting small businesses to introduce myself and ask if they needed IT support. I heard story after story from business owners and office managers about IT companies not returning calls and emails, grumpy technicians showing up late or not at all, and systems being down for days, weeks, and in some cases…months. I realized quickly that there was a clear and pressing need for reliable, honest, and professional IT support completed pleasantly and on time.

This experience created the foundation for Clark Computer Services and helped me articulate the vision that has guided the company for more than 15 years:

We will make customer service our highest priority and ensure that all customers receive friendly, reliable, and professional service on every job, at every sales call, and on everything we do.
