Odyssey Systems has issued a warning over a ‘vishing’ scam sweeping the North East, designed to harvest Office 365 login details.
The victim receives an email from a known contact whose details have previously been captured by the scammers, saying they have left a voicemail message.
To listen, the recipient is asked to log on using their Office 365 username and password – allowing the hacker access to the entire email account.
Vishing, or voice phishing, is the practice of sending emails that pretend to be from a reputable person, company, or government service to trick people into surrendering sensitive information.
Often, the first sign the victim has that their data has been compromised is when all their email contacts receive an identical vishing email, sometimes within minutes of the initial security breach.
Mike Odysseas, founder and managing director of Stockton-based Odyssey Systems, said that it was one of several similar vishing attacks, all based on voice messages.
Some persuade recipients to give away their passwords, while others ask them to click a link that then downloads malware onto their computer.
He said: “These vishing attacks use the name of a familiar sender and rely on the victim’s curiosity to listen to the message.
“I would urge people to use Two Factor Authentication (2FA) which provides a much higher level of protection than Single Factor Authentication that many users have for Office 365 accounts.”
With many of the vishing scams originating from abroad, the system is further strengthened through verification being linked to a UK-registered phone number.
2FA offers a much higher level of security by adding a further level of authentication beyond the username and password needed to access an account, preventing someone from gaining access using stolen details.
Mike added: “Many of these vishing attacks focus on harvesting data and in doing so they perpetuate the scam by constantly gaining access to fresh email addresses.
“They are searching for sensitive information and the possibility that the password used to log in to the Office 365 account is the same one used by the victim for their online banking or Amazon account – which can potentially land them with a big pay day.”