Nicolet Federated Library System
  • Libraries
    • Advocacy
    • Curbside Pickup
    • Employment Opportunities
    • Fast Facts
  • Catalogs & Resources
    • Beanstack Library Reading Programs
    • Brown County Library Catalog
    • InfoSoup Library Catalog
    • OWLSnet
    • Wisconsin's Digital Library
    • Wisconsin's Online Library: BadgerLink
  • Library Services
  • Trustees
  • NEWIL
  • About Us
  • Blog
  • Libraries
    • Advocacy
    • Curbside Pickup
    • Employment Opportunities
    • Fast Facts
  • Catalogs & Resources
    • Beanstack Library Reading Programs
    • Brown County Library Catalog
    • InfoSoup Library Catalog
    • OWLSnet
    • Wisconsin's Digital Library
    • Wisconsin's Online Library: BadgerLink
  • Library Services
  • Trustees
  • NEWIL
  • About Us
  • Blog
Search

COVID-19-related Cybercrime: Microsoft Takes Legal Action

7/15/2020

0 Comments

 
According to a recent blog post by Microsoft, cybercriminals have been "taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks."

Because this issue directly affects our librarians, we thought it important to relay the following information regarding these phishing attacks. Read more below for a highlight that has been pulled from the article...
"These cybercriminals designed the phishing emails to look like they originated from an employer or other trusted source and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers. When the group first began carrying out this scheme, the phishing emails contained deceptive messages associated with generic business activities. For example, the malicious link in the email was titled with business terms such as “Q4 Report – Dec19,” as seen below."
Picture
Business-themed phishing email
"With these recent efforts, however, the phishing emails instead contained messages regarding COVID-19 as a means to exploit pandemic-related financial concerns and induce targeted victims to click on malicious links. For example, using terms such as “COVID-19 Bonus,” as seen here."
Picture
COVID-19-themed phishing email
"Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app). Web apps are familiar-looking as they are widely used in organizations to drive productivity, create efficiencies and increase security in a distributed network. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account. This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign.

After clicking through the consent prompt for the malicious web app (pictured below), the victim unwittingly granted criminals permission to access and control the victims’ Office 365 account contents, including email, contacts, notes and material stored in the victims’ OneDrive for Business cloud storage space and corporate SharePoint document management and storage system."
Picture
Consent screen of the malicious web app
Click here to read the entire post from Microsoft.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    NFLS Blog


    NFLS Blog home page

    Categories

    All
    Adult Services
    ALA
    ARSL
    Continuing Education
    COVID 19
    CSLP
    Employment Opportunities
    Grants / Scholarships
    Inclusive Services
    InfoSoup
    Marketing
    NEWI
    News Releases
    Nic News Weekly
    Summer Library Programs
    Technology
    WI DPI
    WiLS
    WiscNet
    WISL
    WLA
    WPLC
    Youth Services

    Programming & Resources

    Archives

    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    November 2018
    December 2017
    October 2017
    July 2017
    May 2017

    Pre-2019 Archives:
    Tech Bits Archive

    RSS Feed

NFLS homepage
Nicolet Federated Library System
1595 Allouez Avenue, Suite 4
Green Bay, WI 54311

Phone: 920-448-4410
​Fax: 920-448-4420
Staff Hours: Weekdays, 8:00 a.m. - 4:30 p.m.
Visitor Hours: By Appointment Only
Accessibility Statement
​Office 365 Email Login
  • Libraries
    • Advocacy
    • Curbside Pickup
    • Employment Opportunities
    • Fast Facts
  • Catalogs & Resources
    • Beanstack Library Reading Programs
    • Brown County Library Catalog
    • InfoSoup Library Catalog
    • OWLSnet
    • Wisconsin's Digital Library
    • Wisconsin's Online Library: BadgerLink
  • Library Services
  • Trustees
  • NEWIL
  • About Us
  • Blog