Microsoft warns SharePoint users about convincing phishing scam

Security researchers at Microsoft are again warning users about phishing scams imitating SharePoint. 

The messages use Microsoft SharePoint in the domain name, and contain a “file share” request to access bogus “Staff Reports”, “Bonuses”, “Pricebooks” and other content that appears to be hosted in an Excel spreadsheet. 

The Microsoft Office collaboration platform has become essential for many organisations during the pandemic, as it allows employees to collaborate on projects while working remotely. That same ubiquity makes it an attractive lure for cyber criminals: a SharePoint-style notification is exactly the kind of message staff expect to receive and click.

In this latest scam, the attackers use “a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters”.

The scam campaign can be identified by its repeated references to email “referrals” and the fact that the messages appear to contain a document that has been shared by a colleague. 

Users may have a hard time spotting these clues, though, because SharePoint does send legitimate emails like this. The phishing email, for instance, contains a graphic with a file name and a link to open it, just as a genuine sharing notification would.

To identify its true nature, you must look at the sender’s actual email address rather than the display name. Whereas a genuine message would come from the email address of the person who sent it (presumably a colleague), the phishing emails come from an illegitimate address, dressed up with a display name that may include your own username and domain so that it looks familiar at a glance.
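The display-name tricks Microsoft describes, and the check above (look at the real sender address, not the name shown), can be turned into a simple header triage. The following is an added example, not code from Microsoft or from this article: it parses the From, To and Return-Path headers of a message and reports which of the campaign's indicators fire. The two header samples, the domain names, the trusted-domain list and the function names are all constructed for illustration.

```python
"""Header triage for the SharePoint-themed phishing pattern described in the article.

Added example (not Microsoft's or the article's code). It checks an email's headers for
the indicators the campaign relies on: a display name that mimics a service, a display
name that embeds the recipient's own address, a real sender on an unrelated domain, and
an envelope sender (Return-Path) that disagrees with the From address.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains a genuine sharing notification or a colleague would send from.
TRUSTED_SENDER_DOMAINS = {"example.com", "sharepointonline.com"}
# Words in a display name that mimic a legitimate Microsoft service.
SERVICE_KEYWORDS = ("sharepoint", "onedrive", "office 365", "microsoft")


def _domain(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if it has none."""
    _, at, domain = address.lower().rpartition("@")
    return domain if at else ""


def analyse(raw_message: str) -> list[str]:
    """Return human-readable findings for the message headers; [] means nothing fired."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))

    sender_domain = _domain(sender)
    recipient_domain = _domain(recipient)
    display_lower = display.lower()
    findings = []

    # 1. Display name claims to be a service, but the real address is not from a trusted domain.
    if any(k in display_lower for k in SERVICE_KEYWORDS) and sender_domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"display name {display!r} mimics a service but sender domain is {sender_domain!r}")

    # 2. Display name embeds the recipient's own address or domain (the spoofed "display sender").
    if recipient and (recipient.lower() in display_lower or "@" + recipient_domain in display_lower):
        findings.append(f"display name {display!r} embeds the recipient's own address")

    # 3. The real sender domain is neither the recipient's organisation nor a trusted service domain.
    if sender_domain and sender_domain != recipient_domain and sender_domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is untrusted")

    # 4. Envelope sender (Return-Path) does not match the From domain.
    if return_path and _domain(return_path) != sender_domain:
        findings.append(f"Return-Path domain {_domain(return_path)!r} differs from From domain {sender_domain!r}")

    return findings


# Constructed sample: the phishing pattern (service name and the target's own address in the
# display name, real sender on an unrelated domain).
PHISHING_SAMPLE = (
    "Return-Path: <bounce@files-share.example.net>\n"
    'From: "alice@example.com via SharePoint" <noreply@files-share.example.net>\n'
    "To: alice@example.com\n"
    "Subject: Staff Reports - shared with you\n"
    "\n"
    "A file has been shared with you.\n"
)

# Constructed sample: a genuine share from a colleague on the recipient's own domain.
GENUINE_SAMPLE = (
    'From: "Bob Smith" <bob@example.com>\n'
    "To: alice@example.com\n"
    "Subject: Q3 pricebook\n"
    "\n"
    "Here is the spreadsheet.\n"
)

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("genuine", GENUINE_SAMPLE)):
        print(name, analyse(sample) or "no indicators")
```

Check 1 is the one most worth keeping even in a stripped-down mail filter rule: a display name containing "SharePoint" on a message whose actual address is not on a Microsoft or in-house domain is close to a pure indicator, because a real SharePoint notification never needs to borrow the name.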

“The emails contain two URLs that have malformed HTTP headers. The primary phishing URL is a Google storage resource that points to an AppSpot domain that requires the user to sign in before finally serving another Google User Content domain with an Office 365 phishing page,” Microsoft notes.

How to protect your organisation

Microsoft’s warning came the same week that Egress released a report claiming that 73% of organisations have fallen victim to phishing in the past year.

It attributes the increase in successful phishing attacks to organisations’ inability to protect employees as they work from home. According to the report, 43% of remote workers weren’t following security protocols and 36% were rushing and making mistakes.

This latest SharePoint scam demonstrates how crafty attackers can be, and how easily employees can fall victim if they’re not paying attention.

If organisations are to protect themselves, they must prioritise cyber security and take steps to not only educate employees about the threat of phishing but get them practising good security habits.

Those looking for advice on how to get started should take a look at Cyber Security 101 – A guide for SMEs.

This free green paper contains essential advice to help you develop your cyber security strategy.

It helps you better understand the threat landscape – including some misconceptions about best-practice cyber security that you may have read – and explains the steps you should take to bolster your defences.
