IT Services – Kansas City

New Scams Use Microsoft Connectors

If you use Microsoft 365, it is important to be aware of common scams that target Microsoft applications like Outlook and Exchange. Many Microsoft-related scams are well known since they have existed for decades, but as these applications receive more and more updates, more and more scams target them. Some of the risks involve Microsoft rules, forms, and connectors. Rules define actions that automate tasks like email filtering, forms collect data, and connectors create digital bridges between different applications. If a hacker gains unauthorized access to your account, they can manipulate these features, often in ways that go completely undetected by the victim. For example, a hacker might send malicious emails through your email account and use rules, forms, or connectors to automatically delete those emails from your sent mailbox to get rid of the evidence.

Recently, some cybersecurity experts have noticed a rise in email-related scams that use connectors. Connectors can be used at the Microsoft Exchange level to control email flow. Microsoft has released a variety of statements over the past several months warning users of malicious Exchange connectors that are being used to send out spam and phishing emails in bulk. They explained that hackers can either compromise an existing connector or compromise an admin account and set up a new malicious connector in order to hijack your system.

One example of a scam that could use a connector is one that you may be vaguely familiar with. In some scams, a hacker will somehow gain access to your email account, then use your account to email clients, explaining that you have updated your bank information and that they need to send future payments to a new bank account. Your clients then unknowingly send their payments to the hacker instead of you. These scams are often hard to spot since the emails are sent from your legitimate email account. During this attack, the hacker could use connectors to hide both sent and received emails to prevent you from noticing the fraudulent activity. Many people have gone weeks without noticing anything was wrong.

If you manage your Exchange yourself, you can check your connector settings by going to your Microsoft 365 admin center console, then going to the Exchange admin center, then clicking on Mail Flow, and finally clicking on Connectors. You should not have any connectors displayed here unless you have intentionally set some up. You should also ensure that your existing connectors, if you have them, have not been modified. You can read about Microsoft’s recommendations for responding to a compromised connector here, or contact your trusted IT partner. If you have any suspicions that your system has been compromised, do not hesitate to contact an IT provider like Blue Oak. If your systems are managed by a professional IT provider, you should direct any questions you may have to them. If you use a security monitoring system like Augmentt, it will keep track of your connectors and let you know if one is added.
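The same check can be done from Exchange Online PowerShell and repeated on a schedule. The script below is an added example, not part of Microsoft's guidance or any vendor's tooling: it lists inbound and outbound connectors and warns when one is new, changed, or missing compared with a saved baseline. The baseline file name is a made-up placeholder, and the script assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: flag Exchange Online connectors that are new, changed, or
# removed since a saved baseline. Assumes the ExchangeOnlineManagement module
# is installed and the signed-in account can read mail flow settings.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Hypothetical baseline file name; keep it where only administrators can edit it.
$BaselinePath = '.\connector-baseline.csv'

# One row per connector: a key plus the settings that decide where mail flows.
$current = @(
    Get-InboundConnector | ForEach-Object {
        [pscustomobject]@{
            Key         = "Inbound/$($_.Name)"
            Settings    = "Enabled=$($_.Enabled); Type=$($_.ConnectorType); " +
                          "SenderDomains=$($_.SenderDomains -join ','); " +
                          "SenderIPs=$($_.SenderIPAddresses -join ',')"
            WhenChanged = "$($_.WhenChanged)"
        }
    }
    Get-OutboundConnector | ForEach-Object {
        [pscustomobject]@{
            Key         = "Outbound/$($_.Name)"
            Settings    = "Enabled=$($_.Enabled); Type=$($_.ConnectorType); " +
                          "RecipientDomains=$($_.RecipientDomains -join ','); " +
                          "SmartHosts=$($_.SmartHosts -join ',')"
            WhenChanged = "$($_.WhenChanged)"
        }
    }
)

if (-not (Test-Path $BaselinePath)) {
    # First run: record what exists, then confirm each connector by hand.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host 'Baseline saved. Confirm that you set up every connector listed:'
    $current | Format-List
}
else {
    $known = @{}
    Import-Csv -Path $BaselinePath | ForEach-Object { $known[$_.Key] = $_.Settings }
    $seen = @{}
    foreach ($c in $current) {
        $seen[$c.Key] = $true
        if (-not $known.ContainsKey($c.Key)) { Write-Warning "NEW connector: $($c.Key) [$($c.Settings)]" }
        elseif ($known[$c.Key] -ne $c.Settings) { Write-Warning "CHANGED connector: $($c.Key) now [$($c.Settings)]" }
    }
    foreach ($k in $known.Keys) {
        if (-not $seen.ContainsKey($k)) { Write-Warning "REMOVED connector: $k" }
    }
    Write-Host "Checked $($current.Count) connector(s) against $BaselinePath"
}
```

A tenant that has never set up connectors should produce an empty baseline, so any later "NEW connector" warning deserves immediate attention.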
