Critical, Active, Trending
Critical Risk
95%
Microsoft 365 Phishing
Business email compromise and OAuth consent phishing targeting M365 tenants.
#phishing #bec #microsoft-365
Threat Overview
Microsoft 365 phishing targets organizational credentials through fake login portals, OAuth consent grants, and session cookie theft aimed at BEC and data exfiltration.
Attack Behavior
- Fake Microsoft login on typosquat domains
- Malicious OAuth app consent requests
- Mailbox rule creation for persistence
Infection Methods
- Spear-phishing to executives
- Shared document lure emails
- Teams and SharePoint notification abuse
Symptoms and Indicators
- Mailbox forwarding rules you did not create
- OAuth apps with excessive permissions
- Impossible travel sign-in alerts
Immediate Mitigation
- Revoke suspicious OAuth grants in Entra ID
- Reset passwords and invalidate sessions
- Audit mail flow rules
Removal Guidance
- Remove malicious inbox rules
- Review SharePoint external sharing
- Enable conditional access policies
Prevention Methods
- Phishing protection and safe link scanning
- Phishing-resistant MFA
- User awareness training
Telemetry Signals
- Login from anonymizing proxies
- Consent grant to unknown app IDs
- Auto-forward to external domains
Attackers trick users into approving malicious apps that gain persistent API access to mail, files, and contacts without storing passwords.
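A small triage for two of the telemetry signals listed above (consent grant to unknown app IDs, auto-forward to external domains), as an added example that is not part of the original page. The event schema, tenant domain and app IDs are constructed assumptions; the scope names are Microsoft Graph delegated permissions.

```python
# Added example. The event schema is a simplified, constructed one,
# not the Microsoft 365 audit export format.
TENANT_DOMAINS = {"contoso.example"}  # assumption: domains the tenant owns
APPROVED_APP_IDS = {"11111111-1111-1111-1111-111111111111"}  # assumption: reviewed apps
# Microsoft Graph delegated scopes covering mail, files, contacts and refresh tokens
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.ReadWrite.All", "Contacts.Read", "offline_access"}

def is_external(address):
    """True when the address's domain is not one the tenant owns (exact match)."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain not in TENANT_DOMAINS

def triage(event):
    """Return findings for one event: unknown-app consent or external auto-forward."""
    findings = []
    if event.get("type") == "consent_grant":
        if event["app_id"] not in APPROVED_APP_IDS:
            risky = sorted(HIGH_RISK_SCOPES & set(event.get("scopes", [])))
            detail = f" with {', '.join(risky)}" if risky else ""
            findings.append(f"consent to unknown app {event['app_id']}{detail}")
    elif event.get("type") == "forwarding_change":
        targets = [t for t in event.get("forward_to", []) if is_external(t)]
        if targets:
            findings.append(f"auto-forward to external: {', '.join(targets)}")
    return findings

def run(events):
    """Pair each finding with the affected user."""
    return [(e["user"], f) for e in events for f in triage(e)]

# Constructed sample events (not real tenant data)
SAMPLE_EVENTS = [
    {"type": "consent_grant", "user": "cfo@contoso.example",
     "app_id": "22222222-2222-2222-2222-222222222222",
     "scopes": ["User.Read", "offline_access", "Mail.Read"]},
    {"type": "consent_grant", "user": "it@contoso.example",
     "app_id": "11111111-1111-1111-1111-111111111111", "scopes": ["Mail.Send"]},
    {"type": "forwarding_change", "user": "ap@contoso.example",
     "forward_to": ["archive@CONTOSO.example",
                    "inbox@contoso.example.mail-relay.test"]},
    {"type": "sign_in", "user": "cfo@contoso.example"},
]

if __name__ == "__main__":
    for user, finding in run(SAMPLE_EVENTS):
        print(f"{user}: {finding}")
```

The domain check is an exact match on the part after `@`, so a forwarding target that merely begins with the tenant's domain name is still reported as external.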