Home/Tag:Microsoft Office 365

Microsoft Office 365

Tech Talk: Windows 7 End of Life

Microsoft has recently announced that support for the widely-used Windows 7 will be coming to an end in January 2020. Join us on today’s Tech Talk as we dive into the steps your business will need to take to prepare for these upcoming changes.

Windows 7 Support Is Ending

The start of 2020 will mean the end-of-life for Windows 7 support, along with Microsoft Server 2008, Exchange 2010 and SQL Server 2008. The most important thing to be aware of is that software patches for all of these systems will cease. This is so important because without continued patch updates, those systems will remain susceptible to cyber security issues, increasing the chance that your organization will encounter a data breach or ransomware attack.

You might be wondering what steps to take? First, if your business has workstations running Windows 7 with computers that are three years old or less, we recommend upgrading them to Windows 10 before the deadline. For computers that are older than three years we recommend replacing them entirely.

Thankfully, the new Microsoft 365 package includes upgrade licenses from Windows 7 to Windows 10 Pro. So, if your organization is looking for a cloud solution and wants to beef up your security, you now have the opportunity kill two birds with one stone. Also, Microsoft is offering free extended support if you chose to transfer your server workload to Microsoft Azure.

With this knowledge, you can plan out to your strategy for the upcoming end-of-life for Windows 7. We at TechMD are committed to helping your organization stay up-to-date with ongoing changes and move your business forward. Feel free to contact us if you have any questions and have a great day.

April 9th, 2019|

Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

New PhishPoint Attack May Be Affecting As Many As 10% of Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

This attack is particularly insidious because it bypasses Office 365’s built-in security. Microsoft automatically scans incoming emails for malicious links and attachments, but a link to Microsoft’s own SharePoint Online platform wouldn’t raise any red flags with their system. Because the malicious phishing link is hosted in the SharePoint file rather than the email itself, is goes unnoticed by Microsoft’s email security.

How to Spot A PhishPoint Attack

In a PhishPoint attack, the target will receive an email that looks exactly like the standard SharePoint invitation to collaborate:

an example PhishPoint email

Clicking on the link will automatically open up a SharePoint file. This SharePoint file will contain content that looks like a standard request to access a OneDrive file. However, the link to “Access Document” is actually a malicious URL.

A malicious SharePoint file

Clicking on the SharePoint link to access the document takes the user to a spoofed Office 365 login page. When the victim enters their username and password, their credentials will be recorded and stolen by the hacker.

PhishPoint ultimately leads to a spoofed Office 365 login screen

How Can You Protect Yourself?

Like many phishing attacks, PhishPoint is designed to perfectly imitate aspects of the Office 365 experience in order to lull users into a false sense of security. Here are a few things to keep in mind:

  • PhishPoint emails are unsolicited and usually have a generic subject line like “[name] has sent you a OneDrive for Business file”. If you are not expecting a file share from someone in your office, take the time to verify the email’s legitimacy by calling the sender directly or, better yet, talking to them in person.
  • Many PhishPoint emails attempt to manufacture a sense of urgency by including words like ACTION REQUIRED or URGENT in their subject lines. Don’t let the sense of urgency put you in a hurry—take the time to look closely at emails like this before clicking on them.
  • Always check the URL when you receive suspicious links! In PhishPoint’s case, when you finally make it to the login page, you can tell that it is not associated with the Office 365 domain by looking at the address bar in your browser.

To learn more about how to spot phishing attacks, check out this helpful video. As always, make sure you stay alert and think before you click!

August 21st, 2018|

Tech Talk: Work Seamlessly with Office 365

Microsoft Office 365 includes a wide range of cloud applications that can revolutionize productivity, collaboration, and work mobility. In this Tech Talk, Sebastian Igreti tours Office 365 and discusses how it can transform the way businesses leverage the traditional Office software stack.

January 25th, 2018|