
Imagine you’re a hacker.
You craft an enticing phishing email, perhaps with the help of AI, and then you start to cast out your bait to prospective victims (gathered from earlier phishing attacks, of course).
You know it is a numbers game. The majority of your emails will be blocked by anti-spam software or deleted by savvy computer users, but the small number of recipients you persuade to click on the link will prove lucrative if you can trick them into divulging their login credentials.
Success! An unsuspecting person has handed over their email password and the MFA (multi-factor authentication) code can be bypassed. Time is of the essence; log in and change settings. Most importantly, make sure that any replies to your phishing emails from their account do not appear in their inbox; the deleted items folder works well for this. Isn’t it surprising how many recipients of dodgy-looking emails simply reply by email rather than picking up the phone to verify whether it’s real and intended?
It would be a luxury to be able to peruse your victim’s Microsoft 365 account at your leisure without the fear of being caught in the act of hacking. Have they left a loophole in their PC security ready for you to use? YES! Their user login includes admin rights.
Why do admin rights matter? Well, they allow you, the hacker, to install programs which manipulate the data on the target PC. A legitimate piece of software like PerfectData can make a copy of the entire Outlook contents; essentially a Microsoft 365 account takeover.
As well as granting you time to do your dastardly work, this lulls the victim into a false sense of security. After all, they entered their credentials on the link within the email but nothing happened. You can return to the scene of the crime days later to unleash your cyber-attack, using the addresses harvested from their Outlook account. They won’t know what’s hit them.
The moral of this story:
The administrative rights on a computer are very powerful. They control whether you can make fundamental changes, including installing software.
As part of your cyber security armour, your IT support adviser will insist that the admin rights are in a separate login from your user profiles. Indeed, it is one of the requirements of Cyber Essentials. This ensures that, even if you suffer from a hacking attack, the cyber criminal cannot take total control of your system.
The Microsoft Outlook default allows users to approve software installs which access data. This should be changed to close this loophole. Strangely, Microsoft’s recommendation (but sadly not the default setting) is to allow only a limited range of applications to access data, although in this case PerfectData is a legitimate application being used for a malicious reason, so it would have been allowed anyway. The strictest option available limits installations to administrators only.
It can be very frustrating, I know, when you just want to install a simple app and the computer says NO, but this hurdle has been implemented to protect you, not to inconvenience you.
We have witnessed a phishing attack using PerfectData software; trust me, you don’t want this to happen to you.
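The two traces this story leaves behind, a mailbox rule that sends replies to Deleted Items and a user approving an application that can read mailbox data, can both be looked for in audit records. The Python below is an added example, not part of the original article or any vendor tool; the flat JSON record layout, the sample records and the scope list are constructed assumptions, so map the field names to whatever your own audit export uses.

```python
import json

# Constructed sample records. The flat layout is a simplified assumption,
# not the exact schema of a Microsoft 365 audit log export.
SAMPLE_LOG = """
{"time":"2024-05-01T09:12:00Z","user":"alice@example.com","operation":"New-InboxRule","params":{"Name":".","MoveToFolder":"Deleted Items"}}
{"time":"2024-05-01T09:14:00Z","user":"alice@example.com","operation":"Consent to application.","app":"PerfectData Software","scopes":["EWS.AccessAsUser.All","offline_access"]}
{"time":"2024-05-02T10:00:00Z","user":"bob@example.com","operation":"New-InboxRule","params":{"Name":"Newsletters","MoveToFolder":"Reading"}}
{"time":"2024-05-02T11:30:00Z","user":"bob@example.com","operation":"Consent to application.","app":"Team Calendar","scopes":["Calendars.Read"]}
{"time":"2024-05-03T08:00:00Z","user":"carol@example.com","operation":"Set-InboxRule","params":{"Name":"tidy","DeleteMessage":true}}
"""

RULE_OPS = {"new-inboxrule", "set-inboxrule"}
MAIL_SCOPES = {"mail.read", "mail.readwrite", "ews.accessasuser.all"}
WATCHED_APPS = ("perfectdata",)  # application name taken from the article

def check_record(rec):
    """Return the reasons a record deserves review (empty list if none)."""
    reasons = []
    op = rec.get("operation", "").strip().rstrip(".").lower()
    if op in RULE_OPS:
        p = {k.lower(): str(v).lower() for k, v in rec.get("params", {}).items()}
        if p.get("movetofolder") == "deleted items" or p.get("deletemessage") == "true":
            reasons.append("inbox rule sends mail to Deleted Items")
    elif op == "consent to application":
        scopes = {s.lower() for s in rec.get("scopes", [])}
        if scopes & MAIL_SCOPES:
            reasons.append("user approved an app that can read mailbox data")
        if any(w in rec.get("app", "").lower() for w in WATCHED_APPS):
            reasons.append("app name is on the watch list")
    return reasons

def scan(log_text):
    """Check one JSON record per line; return (time, user, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip it, keep reviewing the rest
        if isinstance(rec, dict):
            findings.extend((rec.get("time"), rec.get("user"), r)
                            for r in check_record(rec))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A hit is a prompt to pick up the phone and ask the mailbox owner, not proof of compromise; people do create tidy-up rules and approve useful apps for themselves.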
If you are unsure whether your IT is as protected as it could be, it’s time to have a conversation with Computer Troubleshooters.