Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

New PhishPoint Attack May Be Affecting As Many As 10% of Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

This attack is particularly insidious because it bypasses Office 365’s built-in security. Microsoft automatically scans incoming emails for malicious links and attachments, but a link to Microsoft’s own SharePoint Online platform wouldn’t raise any red flags with their system. Because the malicious phishing link is hosted in the SharePoint file rather than the email itself, is goes unnoticed by Microsoft’s email security.

How to Spot A PhishPoint Attack

In a PhishPoint attack, the target will receive an email that looks exactly like the standard SharePoint invitation to collaborate:

an example PhishPoint email

Clicking on the link will automatically open up a SharePoint file. This SharePoint file will contain content that looks like a standard request to access a OneDrive file. However, the link to “Access Document” is actually a malicious URL.

A malicious SharePoint file

Clicking on the SharePoint link to access the document takes the user to a spoofed Office 365 login page. When the victim enters their username and password, their credentials will be recorded and stolen by the hacker.

PhishPoint ultimately leads to a spoofed Office 365 login screen

How Can You Protect Yourself?

Like many phishing attacks, PhishPoint is designed to perfectly imitate aspects of the Office 365 experience in order to lull users into a false sense of security. Here are a few things to keep in mind:

  • PhishPoint emails are unsolicited and usually have a generic subject line like “[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][name] has sent you a OneDrive for Business file”. If you are not expecting a file share from someone in your office, take the time to verify the email’s legitimacy by calling the sender directly or, better yet, talking to them in person.
  • Many PhishPoint emails attempt to manufacture a sense of urgency by including words like ACTION REQUIRED or URGENT in their subject lines. Don’t let the sense of urgency put you in a hurry—take the time to look closely at emails like this before clicking on them.
  • Always check the URL when you receive suspicious links! In PhishPoint’s case, when you finally make it to the login page, you can tell that it is not associated with the Office 365 domain by looking at the address bar in your browser.

To learn more about how to spot phishing attacks, check out this helpful video. As always, make sure you stay alert and think before you click![/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

Share:

Subscribe to TechMD Insights






More Posts

Russian Invasion Requires Increased Cybersecurity Alertness 

You have probably heard the news by now that Russia has invaded Ukraine, and this will likely have a major impact on the cybersecurity world moving forward. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all American organizations be on high alert, especially small and mid-sized businesses as they are seen as softer targets for cybercriminals.

Top 3 Takeaways from the 2021 Verizon Data Breach Investigations Report 

Every year, Verizon releases their Data Breach Investigations Report (DBIR) and it usually contains some useful takeaways about how SMBs can protect themselves from cybercriminals. In case you haven’t read this 119-page report, here’s TechMD’s breakdown of the Top 3 most relevant takeaways for your business. 

Top 3 IT Priorities for 2022

2021 has been another year of “unprecedented times” as the COVID-19 pandemic has continued long past what many expected. With this continued level of uncertainty, it’s more important than ever that organizations have their IT in order and prioritized. Our team here at TechMD have put together three top IT priorities for 2022 to help you be prepared for the ever-changing IT landscape.