Microsoft and Proofpoint have teamed up to protect customers from malicious threat actors. The bad guys tried to use fake accounts and OAuth apps to steal end-users’ emails, calendars, and meeting info.
Two of the apps were named “Single Sign On (SSO),” and the third one was called “Meeting,” requesting access to the following permissions:
- Read your mail
- Maintain access to data you have given it access to
- Read your mailbox settings
- Sign in and read your profile
- Send mail as you
- Read your calendars
- Read your online meetings
Proofpoint’s research indicated that UK-based organizations and users were particularly affected by this campaign. Individuals working in the areas of finance and marketing, as well as more influential figures such as managers and executives, were all among those hit hardest.
Thankfully, Microsoft acted swiftly by shutting down the accounts and OAuth applications before any harm could be done. They’ve also implemented new security measures to ensure this doesn’t happen again – a testament to their commitment towards customer safety.
However, it is still crucial for us all to stay vigilant and protect ourselves from similar attacks. We must be careful not to give away any personal information without permission and educate ourselves on the best ways to keep safe in the digital world.
Together, we can work towards creating a safer internet for everyone!