Security Update: Microsoft Outlook Vulnerability and MFA scams

You may have heard that within Microsoft’s latest update there was a fix for a Microsoft Windows Outlook vulnerability. A vulnerability is when there is a problem with the code of the program that allows the bad guys to attack you in some manner. This one is notable because the bad guys can exploit this vulnerability simply by sending you a specifically crafted email and you don’t even have to open the email.

Microsoft has already released a patch for this that fixes the code but in doing so they have also told the world the vulnerability exists so we expect to see more attacks in this area. If you are on service contract with us, we’ll make sure the patch gets rolled out.

Keeping your software up to date with patches is the best way to prevent attacks.

***

The second thing you can do is have an MFA (mutil factor authentication) on your email (and other software that contains confidential information. Recently we have seen a number of attempts to trick people to click on their MFA. We put together the following to warn our clients about this:

We have recently received reports of an increase in fraudulent attempts to compromise user accounts through unexpected MFA (multi-factor authentication) prompts. To safeguard your account and personal information, we want to remind you of the importance of being vigilant when approving MFA requests.

Please be aware of the following:

MFA should only be prompted when you are actively trying to access your account or perform sensitive actions. If you receive an unexpected MFA request, do not approve it. Instead, report the incident to our security team immediately.

Be cautious of any unusual patterns or timings of MFA prompts. Cybercriminals may try to trick you into approving an MFA request by timing it to coincide with a legitimate login attempt. Always double-check and verify that the MFA prompt is genuine before approving it.

Avoid sharing your MFA codes or authenticator app with anyone. These codes are designed to provide an additional layer of security for your account and should be kept confidential.

Update your account security settings regularly, including your password and recovery options. Ensure that you use strong, unique passwords and enable MFA on all accounts where possible.

Educate yourself about common phishing techniques and be cautious when clicking on links or opening attachments from unknown sources. Cybercriminals may use phishing emails to gain access to your account and trigger unauthorized MFA requests.

Your account security is our top priority, and we are continuously working to improve our systems and processes to protect you against emerging threats. If you have any questions or concerns, please do not hesitate to reach out to our support team.

If you'd like to discuss or implement any of the above, be sure to call us at 416-805-9296.