Patch Watch: Office 365 – The trendy new phishing target

Topic

New Reply

Here phishy, phishy, phishy….. Attacking Windows 10 is so yesterday. Malicious hackers have known for some time that phishing is a fruitful and chea
[See the full post at: Patch Watch: Office 365 – The trendy new phishing target]

Reply | Quote

Replies

This is one of the reasons I have for not leaving on-premise Exchange for Office 365.  Our users don’t have Office 365 logins, so they can’t get tricked into giving up credentials they don’t have.

Reply | Quote

Next year, our company will switch from Office 2010 to Office 365. This will be massive crash, I suppose. FYI some Excel files are still stored in *.xls format. Does anyone have experience with that big step “forward”?

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

They can still be opened in Office 365.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

doriel

Reply | Quote

Susan Bradley said;
According to a Petri report, there were 155 million active Office 365 users in the fall of 2018, and the number was still growing rapidly.

… commercial users.

Plus 32.5 million consumer subscribers (bottom line of slide at top of report).

So 187.5 million active Office 365 users in the fall of 2018.

Reply | Quote

Susan Bradley said;
ATP can be added to all Office 365 installations for as little as U.S. $2 per mailbox.

Office 365 ATP will be available for purchase to all commercial customers for $2 per user per month.
https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/08/introducing-exchange-online-advanced-threat-protection/

Not available for Office 365 Home or Personal users at any price:

Office 365 Advanced Threat Protection (ATP) availability
You can add ATP to the following Exchange and Office 365 subscription plans:
Exchange Online Plan 1
Exchange Online Plan 2
Exchange Online Kiosk
Exchange Online Protection
Office 365 Business Essentials
Office 365 Business Premium
Office 365 Enterprise E1
Office 365 Enterprise E3
Office 365 Enterprise F1
Office 365 A1
Office 365 A3
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description

Reply | Quote

Sorry forgot about that.  IMHO it should be default in ALL 365 plans.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

Elly, b

Reply | Quote

I can confirm our Office 365 users are receiving quite a few phishing emails from malicious sources appearing to come from O365 “account management”, Adobe, Dropbox, One Drive to name a few. The good thing is we already are using a third party tool that does what ATP does and more. The great thing about this program is that whenever we get a phish attempt I submit that to their database which is added to the global list of known malware hosts. It also redirects links in email to first go through their servers to check for a malicious link and prevent the connection if it is not legit.

We also have trained our users how to handle email with another program that periodically sends a test email to users which are supposed to be forwarded to I.T. Over time our people have become great at detecting and reporting phish attempts.

Every business…..actually everyone but corporate entities especially should devote some time to train people on email use. It does make a difference.

The one thing that bugs me is that our people also are getting emails from what appear to be another user in our organization and these crooks know which people to direct certain topics to. Such as attempting to gain access to banking accounts directed to our Finance people. They are failing to compromise us so far because I see the attempts increasing lately. It seems like frustration on their part at failing to compromise a user.

This activity originated before we started using O365 for email hosting so this is not just an office365 issue.

Reply | Quote

#345069

For various reasons, I operate across machines with Office 97, 2007, 2010 and 2016 installed.

A fairly complex .xls file works across the lot, forward and back.  However, if whilst working in Office 2016, I introduce something like =XIRR(etc), that function will be converted to #REF in Office 97 and ignored.  Office 97 doesn’t change the command, so it will still work correctly in 2016, but Office 97 cannot work out what to do with the command.

An .xlsx is not backwards compatible with Office 97.  The maximum no of rows in the .xls format is 65,000, IIRC.  I have reached 160,000 rows (don’t ask…) in an .xlsx file without a problem.

 

Reply | Quote