Office 365 email hijacking on the rise
There has been an increase in compromises of employee Office 365 email accounts, caused by employees clicking on infected links, attachments, ads or spoofed websites. Once an employee’s email account is compromised, imposters use the employee’s email address to send out phishing emails.
Higher-risk employees who may be targeted are those who can update employee or vendor financial information, such as bank accounts or direct deposit accounts, and anyone with administration roles who can access system and application controls and access.
Now more than ever, departments should be implementing additional internal controls that instruct employees not to rely solely on electronic communications or email addresses to determine if an email is legitimate and safe.
Action steps:
- Send the Pause Verify Report infographic to all staff, and include these steps as part of daily operation internal controls, especially for staff who manage fiscal and payroll operations.
- As part of Cybersecurity Awareness Training, have your staff watch the 10-minute Cybersecurity Made Simple with Pause, Verify, Report video, which can help reduce incidents.
Always report any suspicious activity to your security staff immediately. See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.