Exciting Changes Coming To 1Path.com

  • 00Days
  • 00Hours
  • 00Minutes
  • 00Seconds
Sales: (877) 516-0218
General: (678) 695-5500

New Phishing Attack Targeting Microsoft 365 Users

padlocked gate

Cybersecurity

A new phishing campaign that is hiding malicious URLs in SharePoint Files is targeting Office 365 users. Researchers have coined the tactic “PhishPoint” and some businesses claim 10% of Office 365 users may have been impacted by the scam globally.

“PhishPoint” is a unique attack because it bypasses the built-in security protections of Office 365 by inserting malicious links into SharePoint documents.

While the body of the email message looks identical to a standard SharePoint invitation from someone looking to collaborate, the content of the file impersonates a standard access request to a OneDrive file and an ‘Access Document’ button on the file is hyperlinked to a malicious URL.

The malicious link then redirects the victim to a spoofed Office 365 login screen and asks the user to enter his/her login credentials, which is then stolen by hackers.

Here are steps to protect yourself from PhishPoint:

  1. Be skeptical of URLs present in an email body or any subject lines that contain “urgent” or “action required,” or other buzzwords related to workplace stress.
  1. When presented a login page, always check to see whether the URL is hosted by the legitimate service provider.
  1. For unexpected emails from peers or superiors, contact the individual and verify that they actually send the message.
  1. Use multi-factor authentication (MFA), to secure user accounts across multiple software platforms.

Though it’s difficult to know for certain, here are ways to determine whether you’ve been hacked. Keep in mind that cybersecurity threats can be very subtle. When in doubt, contact your IT department to report anything suspicious.

Free Cybersecurity Quiz

RECENT POSTS

SHARE ON SOCIAL MEDIA

Share on facebook
Share on twitter
Share on linkedin

SUBSCRIBE TO OUR NEWSLETTER

Join 30K Business & IT Professionals by signing up for our email list to receive updates on IT and Cybersecurity directly in your inbox.

RFP for IT Template
Perfect AV eBook

NAVIGATE TECHNOLOGY
WITH CONFIDENCE.
CONTACT US.