If you have read a blog entry that I wrote when I first opened NMJ Technology LLC in 2012 (ref. “When you go to a cloud, you get exactly that” – http://www.nmjtechnology.com/?p=2078), you might know how I feel about the Cloud services. This goes for Office 365. Although, I can resell O365, I end up talking most clients out of it, for many reasons as described in that blog. But there is a new wrinkle.
Of course I am in business to provide excellent services and maybe make some scratch along the way. One of the services I resell is the big blue, happy, up and coming, glorified cloud service that is touted to be the be-all and end-all of all cloud services… Office 365 by Microsoft. Did that sound sarcastic? Sorry. I would love to sell as many mailboxes as I possibly can and grow that bottom line of a managed service that just sort of runs itself once deployed. The revenue would continually feed into my business bank account with little effort. When it comes to a hosted Exchange environment, Office 365 is one of the better services out there. Clients ask about O365. Other sales folk out there, who’s only goal is to sell, sell, sell regardless of the actual needs of the client, manage to pique the interests of the CEOs of corporations and sell it. I sell it, and only if the client is really set on it regardless of the risks I make known, but it is hardly one of my major profit areas. Why? ….
Because, there is a DARK SIDE to this.
The following description is one of the major ways in which email based scams and spams have classically worked. Anyone can do this. It is not hard to do. It is just hard to do it for long. For a while, I would be able to get away with spamming the world. I have a mail server. I can program it to look like ANY company’s domain mail server, and then use it to flood the internet with scammy, spammy mail that looks like the mail from that business…. for a short while. The point to notice here is that the mail I send is not coming from the actual legitimate business mail server. It’s coming from mine. Eventually my public IP addresses would be blacklisted, AT&T would get notified and eventually turn my Internet off, and I would be forced to do my dirty work another way. In any case, it is relatively easy using a spam protective service, such as my NMJ GuardianMail, to block such mail. Many checks and balances are finally creeping into the standard email server infrastructures that help legitimate mail servers to be known as legitimate, and illegitimate mail servers to be known as illegitimate. This is not new, this is old old news. So what’s that new wrinkle?
The mailboxes of many many Office 365 tenants are systematically being hacked and used to send viral risks, redirects, spam, scam, and other illegitimate email. I am not talking about the kind of “spoofed” email, as described above, I am not talking about mail that just looks like it came from a trusted employee or contact, but instead was sent from some rogue, random server out there that has yet to be found and shut down by the offending internet service provider. Instead, I am talking about Spam, Scam, Risky, Infected, Redirecting, illegitimate email is being composed and sent directly from the Office 365 servers. And since Office 365 tenants all share the huge farm of Office 365 mail servers that are responsible for sending and receiving email, this crap cannot be easily detected and blocked. Why, because the email is composed on, and leaves from the very same Office 365 servers that the legitimate corporation is using. Worse than that, the email originating from the Microsoft Office 365 servers are usually target a particular outside client. It is not just spam, but it is carefully crafted SCAM email meant for exactly the user that received it. EVIL!
I have many clients, and most still have onsite Exchange servers. I know that my clients are not causing the problem. Their servers are protected, they use good password policies, their server is not originating spammy stuff. And they have NMJ Technology LLC to help make sure they are not the ones responsible for promoting the spammers an hackers of the planet. But as the receiver of mail, some of these clients have been TARGETED by the hackers that have taken over control of many Office 365 mailboxes in the Office 365 tenancy. These hackers are inundating my clients, as well as I am sure other businesses, with a non-stop barrage of this specifically targeted ongoing ATTACK of spam and phishing email.
What I mean by “targeted” is that the email are all very close imitations of legitimate email communications between this client and their customers and vendors. The email has the same verbiage, signatures, manner of speaking, attachments names, and everything that the customer and vendors themselves would say or send. But these emails are BAD, and have phishing or links to virus content. Of course, since the email looks like it is coming from a legitimate customers or vendors, the users are more likely to open the email. And users do this, users always trust that things are safe if it looks like it came from “our good customer BOB”.
I’ve determined one thing for sure, all of that BAD email are being sent to my clients mail servers from the Office 365 servers. The internet headers that are attached to every email show this.
I have a lot of clients. Of course spam and phishing and scam email are a regular fact of email life, but this is different. This is a new breed of security threat. I feel Microsoft need to find the hackers, and close the flood. I have attempted to open cases with Microsoft regarding this. But Microsoft has a very specific method to set the scope of a problem, and since my clients are not using Office 365, support will only address issues as they fall within the scope of my Exchange server. And what do they find? Nothing wrong. My servers are perfectly fine and functioning as designed…. so I try to segue the Microsoft Support into realizing that this is a huge security issue on the Office 365 services…. they don’t care. They refund my $500 support fee as having not found anything wrong and close the case. Its a ridiculous catch 22.
What can you do?
I have been asking my clients to forward these suspiciously legitimate looking emails to email@example.com and firstname.lastname@example.org, Microsoft’s official Spam, Scam, and Phishing email reporting mailboxes, in hopes they will see this activity and squelch it.
The other thing you must do is become a pain in the butt to your outside vendor or client that is sending you the duplicated email. THEY ARE the Office 365 tenant and THEY CAN open up a support session with Microsoft to fix this. I know of one company that is a Microsoft 365 tenant and has confirmed that they are a victim of being one of the “sources” of the scam emails coming from Office 365. They have opened a case with Microsoft and they have stated that it has been a NIGHTMARE to get a resolution. This business HAS CONFIRMED from Microsoft that they are a victim and Microsoft is aware of the issue. What Microsoft is NOT doing is admitting this publicly and NOT DOING ENOUGH to stop it.
Do you want to go to Microsoft Office 365! I’ll be glad to sell it to you, but you need to know that you might become the next victim.
SO MICROSOFT….. GET OFF YOUR DUFF AND FIGURE IT OUT!