On Day 25 of Cybersecurity awareness month, learn to protect your Office 365 suite from credential phishing that uses fake Office 365 sign-in pages. Stay tuned for more blogs in the Office 365 Cybersecurity blog series.
Can you spot any difference between the two default Microsoft login portals above? No, both look like legitimate Microsoft login portals with the same user interface, right? OK then, what about the URL? Ugh! It looks different! 😮 How did you miss the URL? Do you know what happens if you fail to notice these kinds of fake login portals? That is exactly where the attacker’s key play begins!
“Cyber-Security is much more than a matter of IT”
– Stephane Nappo
Exactly! As we all know, fake Office 365 login portals are very common these days. Attackers cleverly use phishing pages with fake sign-in forms to fool Office 365 users.
What are the possibilities for fake Microsoft login pages?
Attackers use different phishing strategies to steal Office 365 login credentials and then log into your enterprise environment. You may think fake login portals are easy to spot because you are familiar with the real ones. What would you do if you found yourself in the following situations?
- Call for action or threats – Attackers create a false sense of urgency with messages like ‘Your password is expiring soon’, ‘Click to download invoice’, ‘Action Required’ or other ‘Do it immediately’ prompts that wear down our patience and push us to act hastily.
- Spelling and bad grammar – You may notice misspellings when an illegitimate link routes you to a website or page that asks for login credentials. Yet many users carry on with the process without registering those mistakes.
- Suspicious links – You often see ‘Click here to know more’ links. Sometimes such a link takes you to a page that asks for your credentials before you can proceed. The attackers behind the scam may have set up a fake portal that looks like the Office 365 sign-in portal. Your credentials are compromised the moment you type them, and you are then redirected to the original portal without any clue that anything happened.
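To make “check the URL” concrete, here is an added Python example (not code from the original post) that decides whether a sign-in link really points at a known Microsoft login host. It judges the full hostname the browser will connect to, so the subdomain trick, the user-info-before-@ trick and punycode look-alikes are all flagged. The allow-list of hosts and the sample links are assumptions constructed for this example; the look-alike addresses use the reserved example.com domain.

```python
from urllib.parse import urlsplit

# Hosts Microsoft uses for interactive sign-in. Assumption for this example:
# check Microsoft's published endpoint list for your tenant before relying on it.
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
}


def login_host_verdict(url: str) -> tuple[str, str]:
    """Classify a sign-in URL as 'legitimate' or 'suspicious' with a reason.

    The decision is made on the full hostname the browser will connect to,
    not on whether 'microsoft' appears somewhere in the address bar.
    """
    parts = urlsplit(url.strip())
    host = parts.hostname  # already lower-cased; excludes userinfo and port
    if parts.scheme != "https":
        return "suspicious", f"not HTTPS (scheme is {parts.scheme!r})"
    if not host:
        return "suspicious", "no hostname in URL"
    if parts.username is not None:
        # https://login.microsoftonline.com@example.com/ actually connects to example.com
        return "suspicious", f"text before '@' disguises the real host {host!r}"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "internationalised (punycode) label; possible look-alike characters"
    if host in MICROSOFT_LOGIN_HOSTS:
        return "legitimate", f"{host!r} is a known Microsoft sign-in host"
    if any(host.startswith(known + ".") for known in MICROSOFT_LOGIN_HOSTS):
        # login.microsoftonline.com.example.com is a subdomain of example.com, not of Microsoft
        return "suspicious", f"{host!r} only starts with a Microsoft host name"
    return "suspicious", f"{host!r} is not a Microsoft sign-in host"


# Constructed sample links; the look-alikes use the reserved example.com domain.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=abc",
    "https://login.microsoftonline.com.example.com/common/oauth2/",
    "https://login.microsoftonline.com@example.com/login",
    "http://login.microsoftonline.com/",
    "https://xn--login-xyz.microsoftonline.example.com/",
    "https://example.com/office365/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = login_host_verdict(link)
        print(f"{verdict:11} {link}\n            {reason}")
```

The same rule applies when a person reads the address bar: the part that matters is the registered domain immediately before the first single slash, read from right to left, not whether a familiar name appears somewhere in the string.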
Do you think the above scenarios make sense? Yes, it is true that these are just a few of the tricks that users fall for when dealing with phishing schemes.
“Think Before you click”
It’s not a cause for concern! There is a simple way to strengthen your defences against the attacks that arrive through fake Office 365 login portals.
How does Microsoft 365 Company Branding help to mitigate phishing attacks?
Microsoft is the brand most targeted by phishers and still tops the victim list among all cloud companies. Most attackers create fake login pages that mimic the default one. They won’t target specific domains by recreating login pages with that company’s corporate logo and banner. Hence, configuring company branding helps users spot phishing pages and adds extra complexity for attackers who want to recreate them.
If you are a Microsoft 365 Enterprise admin, you can add your company branding to Office 365 to protect your users from these credential phishing attacks. Company branding appears after the username is entered and is visible only on the password and MFA pages.
Configure Company Branding to customize your Office 365 sign-in portal
Follow the steps below to customize your Office 365 login page with your company banner and logo.
1. Sign into the Azure Portal as a Global administrator.
2. Select ‘Azure Active Directory’ and then select ‘Company branding’ under ‘Manage’.
3. Click Configure and fill in the General Settings below.

| Setting | Description |
| --- | --- |
| Language | The language of the first custom branding is your default locale and can’t be changed. However, you can add language-specific custom branding once the default sign-in experience has been created. |
| Sign-in page background image | Backgrounds can be PNG or JPEG files and appear in the center of the browser. Images should be no larger than 1920*1080 px and no larger than 300 KB. |
| Banner logo | PNG or JPEG files are accepted for banner logos. The logo appears on the sign-in pages after the user signs in. The image should be no larger than 60*280 px and no larger than 10 KB. A transparent image without padding is recommended. |
| Username hint | This hint is shown to users who have forgotten their username. The text must be Unicode, without any links or code, and can’t exceed 64 characters. The hint is not shown when guests log in to the portal. |
| Sign-in page text | This text appears at the bottom of the sign-in page and is meant for additional information such as a phone number or email address. It must be Unicode and should not exceed 1024 characters. To begin a new paragraph, press the enter key twice. You can also format the text with the syntax below. |

Bold: **text** or __text__
Italics: *text* or _text_
4. Set up Advanced Settings. These require Azure AD Premium licenses or an Office 365 subscription (for Office apps).
- Set the sign-in page background color in hexadecimal format (#000000).
- Then, select a PNG or JPEG image for the square logo. It is used for Windows authentication and is shown only to users who use Windows Autopilot. A transparent image without padding is recommended.
- Next, insert the square logo image – dark theme. It is shown when users are logged in to the Office 365 portal in dark mode. If your logo works with white, dark blue, or black backgrounds, adding this is not needed.
5. Show option to remain signed in – You can uncheck this option if you want your users to log in each time the browser is closed and reopened.
6. Once you have configured all the options, select Save in the upper-left corner of the portal.
This process creates the first, default custom Office 365 branding configuration for your tenant. You can’t remove this branding once it has been created.
Note: You can also configure a language-specific sign-in experience by selecting ‘New Language’ in the portal. Follow the default sign-in experience steps above to create additional brandings in different languages.
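As an added example that is not part of the original post, the following Python script checks branding assets against the limits from the settings table before you upload them, and builds the request body for the text fields as you would send it to Microsoft Graph. It reads the real dimensions out of PNG and JPEG headers, so a file that is not actually an image (an SVG renamed to .png, say) is rejected rather than uploaded. Assumptions: the banner limit is taken as 280 px wide by 60 px high; the Graph endpoint path and property names (usernameHintText, signInPageText, backgroundColor) are my understanding of the organizationalBranding resource and should be verified against the current API reference; the sample images are constructed header-only byte strings, not real pictures.

```python
import re
import struct

# Limits from the Company Branding settings table (banner assumed to be 280 px wide x 60 px high).
BACKGROUND_LIMITS = {"width": 1920, "height": 1080, "size_bytes": 300 * 1024}
BANNER_LIMITS = {"width": 280, "height": 60, "size_bytes": 10 * 1024}
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
LINK_OR_MARKUP = re.compile(r"https?://|www\.|<[^>]*>", re.IGNORECASE)


def image_dimensions(data: bytes) -> tuple[str, int, int]:
    """Return (format, width, height) for a PNG or JPEG byte string; ValueError otherwise."""
    if data.startswith(PNG_SIGNATURE) and data[12:16] == b"IHDR":
        width, height = struct.unpack(">II", data[16:24])  # IHDR starts with width, height
        return "png", width, height
    if data[:2] == b"\xff\xd8":  # JPEG start-of-image marker
        pos = 2
        while pos + 9 <= len(data) and data[pos] == 0xFF:
            marker = data[pos + 1]
            (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
            # SOF0-SOF15 carry the frame size; C4 (DHT), C8 (JPG) and CC (DAC) do not.
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
                return "jpeg", width, height
            pos += 2 + seg_len
        raise ValueError("JPEG without a frame header")
    raise ValueError("not a PNG or JPEG file")


def check_image(data: bytes, limits: dict, label: str) -> list[str]:
    """List of problems (empty = OK) for an image against the portal's limits."""
    try:
        _, width, height = image_dimensions(data)
    except ValueError as exc:
        return [f"{label}: {exc}"]
    problems = []
    if width > limits["width"] or height > limits["height"]:
        problems.append(f"{label}: {width}x{height} px exceeds {limits['width']}x{limits['height']} px")
    if len(data) > limits["size_bytes"]:
        problems.append(f"{label}: {len(data)} bytes exceeds {limits['size_bytes']} bytes")
    return problems


def check_text(username_hint: str, sign_in_text: str, background_color: str) -> list[str]:
    """64-char hint without links or markup, 1024-char page text, #RRGGBB colour."""
    problems = []
    if len(username_hint) > 64:
        problems.append("username hint exceeds 64 characters")
    if LINK_OR_MARKUP.search(username_hint):
        problems.append("username hint must not contain links or markup")
    if len(sign_in_text) > 1024:
        problems.append("sign-in page text exceeds 1024 characters")
    if not re.fullmatch(r"#[0-9A-Fa-f]{6}", background_color):
        problems.append(f"background colour {background_color!r} is not in #RRGGBB form")
    return problems


def build_branding_patch(username_hint: str, sign_in_text: str, background_color: str) -> dict:
    """Body for PATCH https://graph.microsoft.com/v1.0/organization/{id}/branding.

    Assumption: property names follow the organizationalBranding resource; verify
    against the current Graph reference. Images are uploaded separately with
    PUT .../branding/bannerLogo and .../branding/backgroundImage.
    """
    problems = check_text(username_hint, sign_in_text, background_color)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "usernameHintText": username_hint,
        "signInPageText": sign_in_text,
        "backgroundColor": background_color,
    }


def fake_png(width: int, height: int, padding: int = 0) -> bytes:
    """Constructed PNG header (signature + IHDR) for testing; not a complete image."""
    ihdr = struct.pack(">II", width, height) + b"\x08\x06\x00\x00\x00"
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\x00" * padding


def fake_jpeg(width: int, height: int) -> bytes:
    """Constructed JPEG prefix (SOI, one APP0 segment, then SOF0) for testing; not a complete image."""
    app0 = b"\xff\xe0" + struct.pack(">H", 4) + b"JF"
    sof0 = (b"\xff\xc0" + struct.pack(">H", 17) + b"\x08" + struct.pack(">HH", height, width)
            + b"\x03" + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01")
    return b"\xff\xd8" + app0 + sof0


if __name__ == "__main__":
    for label, data, limits in [
        ("background", fake_png(1920, 1080), BACKGROUND_LIMITS),
        ("banner", fake_jpeg(280, 60), BANNER_LIMITS),
        ("banner", fake_png(400, 60, padding=20 * 1024), BANNER_LIMITS),
        ("banner", b"<svg xmlns='http://www.w3.org/2000/svg'/>", BANNER_LIMITS),
    ]:
        print(label, check_image(data, limits, label) or "OK")
    print(build_branding_patch("Use your work e-mail address", "Help desk: ext. 1234", "#1F3A5F"))
```

Running the checks locally before touching the portal matters because the first branding configuration cannot be removed once it exists; it is cheaper to reject an oversized or wrongly typed asset here than to discover the problem after saving.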
How to stay safe from Credential Phishing attacks?
As you may be aware, 91% of phishing attacks originate from suspicious emails or vulnerable links. Credential phishing is the most common threat vector attackers use to gain access to sensitive Office 365 data. If you are an O365 admin concerned about your organization’s security, check and follow the instructions below to keep your environment safe and secure.
- Monitor the Office 365 sign-ins to detect suspicious sign-ins or sign-ins at unusual times.
- Enforce password policies that require strong passwords and allow only safe logins to your O365.
- Don’t forget to confirm that you have enabled the necessary authentication methods, such as MFA. However, attackers can now bypass some MFA methods with their clever tricks, so it is highly recommended to enable passwordless MFA, which is the more secure option.
- Collaborate securely with external companies and partners using Azure B2B collaboration.
- Always stay up to date on security updates and use a firewall to stop suspicious activities.
- Be aware of fake domains such as c-t[.]XYZ, a-c[.]club, etc. and conduct anti-phishing programs regularly to educate employees about current phishing attacks and strategies.
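To show what “monitor the sign-ins” can look like in practice, here is an added Python example (not code from the original post) that runs three simple checks over sign-in records: two successful sign-ins from different countries within a short window, a successful sign-in outside business hours, and a success that directly follows a burst of failures. The records, thresholds and business hours are constructed assumptions for this example, and the field names are simplified rather than the exact Azure AD sign-in log schema; when reading a real export, map userPrincipalName, createdDateTime, location, ipAddress and status onto these fields.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Thresholds (assumptions for this example; tune them to your tenant).
TRAVEL_WINDOW = timedelta(hours=2)          # two countries within this window is "impossible travel"
BUSINESS_HOURS = (time(6, 0), time(20, 0))  # UTC
FAILURE_BURST = 3                           # failures within FAILURE_WINDOW before a success
FAILURE_WINDOW = timedelta(minutes=10)

# Constructed sample sign-in records with simplified field names; the IP addresses
# come from the reserved documentation ranges.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "time": "2023-03-01T08:02:00Z", "country": "GB", "ip": "203.0.113.10", "success": True},
    {"user": "alice@example.com", "time": "2023-03-01T08:40:00Z", "country": "NG", "ip": "198.51.100.7", "success": True},
    {"user": "bob@example.com", "time": "2023-03-01T03:15:00Z", "country": "GB", "ip": "203.0.113.22", "success": True},
    {"user": "bob@example.com", "time": "2023-03-01T09:15:00Z", "country": "GB", "ip": "203.0.113.22", "success": True},
    {"user": "carol@example.com", "time": "2023-03-01T09:51:00Z", "country": "US", "ip": "192.0.2.5", "success": False},
    {"user": "carol@example.com", "time": "2023-03-01T09:53:00Z", "country": "US", "ip": "192.0.2.5", "success": False},
    {"user": "carol@example.com", "time": "2023-03-01T09:56:00Z", "country": "US", "ip": "192.0.2.5", "success": False},
    {"user": "carol@example.com", "time": "2023-03-01T10:00:00Z", "country": "US", "ip": "192.0.2.5", "success": True},
    {"user": "dave@example.com", "time": "2023-03-01T12:00:00Z", "country": "US", "ip": "192.0.2.9", "success": True},
    {"user": "dave@example.com", "time": "2023-03-01T15:00:00Z", "country": "US", "ip": "192.0.2.9", "success": True},
]


def parse_time(value: str) -> datetime:
    """Timestamps in the sample are UTC in ISO 8601 form with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_suspicious_signins(records: list[dict]) -> list[tuple[str, str, str]]:
    """Return (user, reason, time) alerts for the three checks described above."""
    alerts = []
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec["user"]].append(dict(rec, ts=parse_time(rec["time"])))

    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        last_success = None
        failures = []
        for ev in events:
            if not ev["success"]:
                failures.append(ev)
                continue
            # 1. Successful sign-in outside business hours.
            if not BUSINESS_HOURS[0] <= ev["ts"].time() <= BUSINESS_HOURS[1]:
                alerts.append((user, f"success outside business hours from {ev['country']}", ev["time"]))
            # 2. Impossible travel: a different country too soon after the previous success.
            if last_success and ev["country"] != last_success["country"]:
                gap = ev["ts"] - last_success["ts"]
                if gap <= TRAVEL_WINDOW:
                    alerts.append((user, f"sign-in from {ev['country']} only {gap} after {last_success['country']}", ev["time"]))
            # 3. Success right after a burst of failures (a typo streak, or a password that was eventually guessed).
            burst = [f for f in failures if ev["ts"] - f["ts"] <= FAILURE_WINDOW]
            if len(burst) >= FAILURE_BURST:
                alerts.append((user, f"success after {len(burst)} failures within {FAILURE_WINDOW}", ev["time"]))
            failures = []
            last_success = ev
    return alerts


if __name__ == "__main__":
    for user, reason, when in detect_suspicious_signins(SAMPLE_SIGNINS):
        print(f"{when} {user}: {reason}")
```

Each alert is a prompt to look, not a verdict: a user on a business trip or a VPN exit in another country will trigger the travel check too, which is why the output carries the user, the reason and the time rather than an automatic action.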
What to do if an account is phished?
If an O365 account has been phished, don’t panic; take the necessary actions to recover the compromised account and safeguard your organization’s data. Recovering from a malicious phishing attack can be enormously expensive and time-consuming. So, don’t wait for it to happen! Be cautious and protect your company from security and reputational damage.
“Be Assured, Be Secured”
I hope this blog has given you one more way to strengthen your security shields against phishing attacks. Stay tuned for more O365 security instructions!
Don’t forget to post your thoughts or suggestions in the comment section. It will greatly help us to fulfil your requirements in the future.