Defend your organization from business scams

Microsoft 365 / Google Workspace attacks

Cloud productivity platforms—Microsoft 365 and Google Workspace—are critical infrastructure for modern businesses and prime targets for attackers. With 35% of phishing impersonating Microsoft and 71.4% of M365 users experiencing monthly account compromises, securing these platforms is essential.

The Scale of the Problem

2024 Statistics:

  • 35% of all phishing impersonates Microsoft
  • 71.4% of M365 users experience an account compromise monthly
  • 10x surge in password attacks (30 billion/month)
  • 42x increase in QR code phishing targeting M365
  • $12.5 billion lost to M365-related attacks
  • Google Workspace: 15 billion phishing emails blocked daily

Common Attack Vectors

Microsoft 365 phishing:

  • Fake Microsoft login pages
  • “Your account will be suspended” emails
  • SharePoint file sharing notifications
  • OneDrive file requests
  • Teams meeting invites from strangers
  • OAuth app consent phishing

Google Workspace phishing:

  • Fake Google Drive sharing notifications
  • Gmail security alert scams
  • Calendar event spam
  • OAuth permission requests
  • Google Docs commenting attacks

QR code phishing:

  • QR codes bypass email filters
  • Codes lead to credential-harvesting sites
  • 42x increase targeting executives
  • Codes appear in emails, PDFs, calendar invites

Protection Strategies

Authentication security:

  • Phishing-resistant MFA (FIDO2 keys, Windows Hello)
  • Disable legacy authentication protocols
  • Conditional access policies
  • Passwordless authentication where possible

Email security:

  • Advanced threat protection enabled
  • Safe links and safe attachments
  • Anti-phishing policies configured
  • External sender warnings
  • Impersonation protection

Access controls:

  • Conditional access based on location, device, risk
  • Block legacy authentication over SMTP, POP, and IMAP
  • Require managed/compliant devices
  • Just-in-time admin access

Monitoring and alerts:

  • Sign-in logs reviewed regularly
  • Unusual activity alerts
  • Impossible travel detection
  • OAuth app audit
  • Data loss prevention policies
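
The impossible travel check listed above, sketched as an added example (not code from this page or from Microsoft or Google): it flags consecutive sign-ins by one user whose distance and time gap imply a speed no traveller could reach. The record layout, the sample sign-ins, and the two thresholds are assumptions made for illustration; real sign-in logs carry IP-derived locations, so VPN and mobile-carrier hops need tuning or allow-listing.

```python
import math
from datetime import datetime

# Constructed sample sign-in records (not real log data): user, UTC time, lat, lon.
SIGNINS = [
    ("alice@example.com", "2025-01-10T08:00:00", 51.5074, -0.1278),   # London
    ("alice@example.com", "2025-01-10T09:30:00", 40.7128, -74.0060),  # New York, 1.5 h later
    ("bob@example.com",   "2025-01-10T08:00:00", 48.8566, 2.3522),    # Paris
    ("bob@example.com",   "2025-01-10T12:00:00", 52.5200, 13.4050),   # Berlin, 4 h later
    ("bob@example.com",   "2025-01-10T12:05:00", 52.5200, 13.4050),   # Berlin again
]

MAX_KMH = 900.0   # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0    # assumed floor: ignore short hops caused by IP geolocation error


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, earlier_time, later_time, km, kmh) for each consecutive
    pair of one user's sign-ins that implies travel faster than max_kmh."""
    alerts, last = [], {}
    # Same-format ISO timestamps sort correctly as strings.
    for user, ts, lat, lon in sorted(signins, key=lambda r: (r[0], r[1])):
        t = datetime.fromisoformat(ts)
        if user in last:
            pt, plat, plon = last[user]
            km = haversine_km(plat, plon, lat, lon)
            hours = (t - pt).total_seconds() / 3600
            # Simultaneous sign-ins from distant places count as infinite speed.
            kmh = km / hours if hours > 0 else math.inf
            if km >= min_km and kmh > max_kmh:
                alerts.append((user, pt.isoformat(), ts, km, kmh))
        last[user] = (t, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print("ALERT", alert)
```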

Key Takeaways

  • 35% of phishing impersonates Microsoft
  • Phishing-resistant MFA required for all accounts
  • Conditional access restricts sign-ins by location, device, and risk
  • Monitor OAuth apps for suspicious permissions
  • QR code phishing bypasses traditional filters
  • Regular audits of cloud security settings

Author: How To Use Internet
Last updated: 11/30/2025