With access to corporate e-mail, cybercriminals can perform business e-mail compromise–type attacks. That’s why we see so many phishing letters directing corporate users to sign in to websites fashioned like the MS Office login page. And that means it’s very important to know what to pay attention to if a link redirects to a page like that.
Cybercriminals stealing credentials for Microsoft Office accounts is nothing new. However, the methods attackers use keep getting more advanced. Today, we’re using a real-world case — a letter we actually received — to demonstrate best practices and to outline some of the new tricks.