Phishing isn’t something new. In fact, today, it’s one of the most common forms of cybercrime. Although we are all aware of it and even have services/software to help detect it, phishermen still have great success. Even with all these security controls in place, phishing emails still get through using simple spoofing techniques and open relay servers.
The most well known Phishing emails are the classic “You’ve won the Nigerian Lottery” or “I need an investment in order to release millions to you”. These Phishing attempts are normally obvious to spot and come in the form of a poorly written email. If you know anyone who is still falling for these, you can help them out by pointing them to the Google Phishing Quiz. This is a neat interactive tool that could help educate your friends and users:
Since the world of computing has evolved, so have the malicious parties. It’s no longer obvious. Don’t get me wrong, there are still common signs, but to an average user these cannot always be seen. Below are recent Microsoft-themed URLs that malicious parties have put together in order to harvest credentials.
You may think “I could spot this” but can your user base?
These phishing emails often contain some sort of urgency about them: “Your account will be deleted” or “You’ve been hacked”. This can cause the user to panic and want to fix the issue themselves in order to protect their work. After all, simply logging in to stop your account from being deleted seems a pretty easy solution. If the user has bought into the phish and clicked the link, they may be presented with the login screen below.
Now this looks pretty convincing. Remember that at this point you would be worried that your account has been hacked/deleted, so you might not notice the incorrect URL or wording on the site. Once you have entered your email and password, you will often see a ‘Failed sign in’ page or be redirected to Microsoft’s actual site. The credentials you or they have entered now belong to the malicious party and, if you don’t have MFA or conditional access enabled, can be used to cause damage.
Now back to why I wrote this. The company brand is something that can actually help your users during these types of threats. Having your company logo on all login screens shows the users that the site is legit. A company logo is recognizable and easy to see. Remember, an average user will not be checking the URL before entering their credentials. A simple logo can be seen in seconds and becomes noticeable when missing.
Setting this up is easy to do and takes less than 5 minutes.
Once you login to your Azure portal, you will need to click on the highlighted path below:
Here, you can upload your company logo. This will then be applied to all your login screens which use your AAD, such as O365. The company logo will then appear once the user has entered their email address.
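The same logo upload done from PowerShell via Microsoft Graph, so it can be scripted across tenants, as an added example that is not part of the original post. It assumes the Microsoft.Graph PowerShell module is installed, a PNG logo at a placeholder path, and the `Organization.ReadWrite.All` scope and `branding/localizations/default/bannerLogo` endpoint as taken from the Graph organizationalBranding documentation (treat both as assumptions to check against current docs).

```powershell
# Added example (not the original post's code): set the AAD sign-in page logo
# through Microsoft Graph instead of clicking through the Azure portal.
# Assumption: Microsoft.Graph PowerShell module is installed.
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.DirectoryManagement

# Assumption: the scope required to write organizational branding.
Connect-MgGraph -Scopes "Organization.ReadWrite.All"

# Placeholder path: replace with your own logo (PNG, as in the portal upload).
$logoPath = "C:\branding\company-logo.png"   # PLACEHOLDER
if (-not (Test-Path $logoPath)) { throw "Logo file not found: $logoPath" }

# A tenant has exactly one organization object; its Id is the tenant Id.
$orgId = (Get-MgOrganization).Id

# Assumption: endpoint for the default-locale banner logo; the body is the raw
# image bytes, and Content-Type tells Graph what it is receiving.
$uri = "https://graph.microsoft.com/v1.0/organization/$orgId/branding/localizations/default/bannerLogo"
$bytes = [System.IO.File]::ReadAllBytes($logoPath)
Invoke-MgGraphRequest -Method PUT -Uri $uri -ContentType "image/png" -Body $bytes

# Read the branding back: a populated bannerLogoRelativeUrl means the upload
# landed and the logo will be served on the tenant's sign-in pages.
$branding = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/organization/$orgId/branding"
if ([string]::IsNullOrEmpty($branding.bannerLogoRelativeUrl)) {
    Write-Warning "Branding updated but no banner logo URL returned; check the tenant."
} else {
    Write-Host "Banner logo set: $($branding.bannerLogoRelativeUrl)"
}
```

Run it once per tenant with an account that can edit company branding; the read-back at the end is the check that the logo users will see has actually been applied.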
This might not solve all your phishing problems but is a simple way to help your users realize if the site asking for credentials is legit. I say it doesn’t solve all problems because if you are being targeted specifically, it would be pretty easy for them to add your company logo onto the fake site. If they have stolen or are aware of any company email addresses, they could use these to find out what your users’ login experience looks like. Adding the same logo to the fake site would then boost the credibility of the site and help convince the user that this fake site is real. This is less likely to happen though, as the majority of these are sent in large waves to hundreds of domains.
That being the case, taking a few seconds to apply your company logo to your Azure tenant in order to mitigate the phishing attempts that may fall through the cracks seems like a good idea to me. Below is an example of how it could look for you: