Researchers at phishing platform Cofense discovered a new phishing attack aimed at Office 365 accounts.
- A new phishing attack using a SharePoint document was discovered by researchers.A fake SharePoint file was introduced in a fake email to lure users into offering their account credentials.There are a few details to watch out for in a regular phishing attack. You’ll find them in this article.Researchers offer a few recommendations when it comes to preventing phishing scams.
The method used isn’t a novelty: the attackers inserted a fake SharePoint document into an email, requesting urgent review and response.
The seriousness of the event is more concerning since it managed to bypass Microsoft’s security layers, the report shows:
The details to look after in a phishing attack
Similar to other phishing scams, this one was also spread via a seemingly legitimate email.
The campaign was found in an environment protected by Microsoft’s own secure email gateway (SEG). With thousands of individuals still required to telework, this has created a perfect opportunity for hackers to lure their victims with almost picture-perfect sharing themed emails.
A first notable detail was the sender’s email address: the name wasn’t clear, nor was a Microsoft reference or the organization’s title.
Then, the email contained a team project document apparently uploaded and shared via SharePoint, plus a general message claiming urgent attention and response.
This type of scams falls into the same category of attacks requesting a change/refill of login credentials.
Besides, emails calling for urgency should be usually considered suspicious, especially when they come from an unknown or undisclosed address.
If clicked, the fake link takes to a landing page that displays Microsoft’s SharePoint logo, a blurry background, and a request to log in to view the document.
Of course, upon entering the credentials, the user is taken to an irrelevant document, and only then one realizes the scam.
The entire scam proves that sharing and accessing sensitive documents via email (even using Microsoft’s protocols) is quite risky. A few common-sense ways to prevent falling victim for such attacks would be to:
- Install an antivirus with phishing and/or ransomware shield (most tools have it)
- Make sure the system and all programs are up to date
- Exercise precaution when it comes to revealing credentials or opening suspicious emails or documents
- Block the addresses of potential scammers
Hopefully, this article offered some useful details about phishing scams and how to prevent them. Feel free to leave comments in the section below.
If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.
Still having issues? Fix them with this tool:
SPONSORED
- Office 365Phishing
Email *
Commenting as . Not you?
Comment
