Posted on Monday August 27, 2018Phishing scams disguise malicious links and emails as messages from trusted sources. The most recent scam to watch out for almost perfectly imitates a trusted invitation to collaborate through Microsoft SharePoint. It's a three-step attack that's easy to avoid if you know how it works.
The first thing victims receive from hackers is a message that looks identical to an email from Microsoft's file sharing platform SharePoint. It says, â€œJohn Doe has sent you a file, to view it click the link belowâ€¦â€
In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.
Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there's no reason to send an email containing a link to a page with nothing but another link.
Step 2 allows hackers to evade Outlook's security scans, which monitor links inside emails for possible phishing scams. But Outlook's current features cannot scan the text within a file linked in the email. Once you've opened the file, SharePoint has almost no way to flag suspicious links.
The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.
Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules: