On today’s One-Minute Wednesday, we’ll be looking into a new phishing scam that’s targeting Office 365 users called PhishPoint. What hackers do with PhishPoint is email SharePoint invites that contain a malicious link. So, let’s dive into how PhishPoint works and what to do to keep yourself on guard from this attack.

How PhishPoint Attacks

PhishPoint attacks are created by a phony SharePoint document implanted with a link that takes you to a Microsoft login page where you access the document.

SharePoint Document

When the login page opens and your credentials are inserted, the cybercriminal on the other end steals your login information. This type of attack is so dangerous because it can bypass Microsoft’s security system by hiding within a SharePoint document.

Spoofed Login Page

Like with most phishing emails, hackers attempt to gain an unsuspecting user’s trust and the login page they navigate to appears very legitimate. So overall, PhishPoint is a convincing trap that can be easy to fall into if you’re not careful.

Staying on Guard

How can you stay on your guard with something so deceptive? The first thing to do is remain alert; watch out for any emails that read “Urgent”, “Action Required” or contain anything that calls you to input or send sensitive data. Be on the lookout for URLs in the body of your email too, as they can lead to spoofed sites like the Microsoft login page we mentioned. Check to ensure a message coming from within your organization that has any odd sounding language is trustworthy. And if this is your first time receiving an email from a particular sender be sure not to click any unknown links or attachments from them until you can confirm it’s safe. Finally, you should use any Multi-factor Authentication software your company has implemented to secure your account.

Now that you’re aware on what PhishPoint is and how it attacks, you can be prepared to keep you and your personal information secure. Stay safe and be sure to join us for next week’s One-Minute Wednesday!