Microsoft 365 users: beware of SharePoint phishing attacks

Don Sharpe
by Don Sharpe
Author
Loading Comments
Download PDF
Affiliate Disclosure

  • Threat actors sent spoofed SharePoint emails to employees in different organizations as part of a phishing campaign.
  • The attackers sought to steal users' Microsoft 365 security credentials.
  • Threat actors come up with new devious ways to breach IT systems on premises and in the the cloud. Check out our Cybersecurity Updates and stay several steps ahead by learning about the latest protections against existing and emerging threats.
  • Don't forget to bookmark the Security page, where we keep you posted on fresh IT security news and incidences. 
Spoofed SharePoint email attack

If you’re a Microsoft 365 user, chances are you’ve used SharePoint to share and manage official documents and content.

The app, which recently received a Yammer integration update, comes in handy when you need to remotely collaborate on business files. Sadly though, threat actors know this too. So they’re now sending spoofed SharePoint emails to unsuspecting employees as part of a phishing campaign.

Microsoft 365 user credentials targeted in phishing attacks

The folks at Abnormal Security uncovered a phishing campaign that targets corporate SharePoint users. Unfortunately, the end game for the attackers is to collect unsuspecting users’ Microsoft 365 credentials.

They start by sending spoofed SharePoint emails addressed to no specific person. By not naming any individual as the recipient, the threat actors aim at tricking as many victims as possible into supplying their Microsoft 365 login details.

This attack impersonates an automated message from Sharepoint to send phishing emails. The email itself is not addressed to any specific individual, and is meant to cast a wide net to phish for employees credentials.

However, unlike previous similar attacks, this phishing campaign doesn’t create any sense of urgency to get the target to act quickly.

According to Abnormal Security, the attackers designed the phishing emails to appear to originate from within the target organization.

As you may expect, each email has a malicious link. And if you click on the link, you end up on a fake Microsoft 365 landing page. The link may take the user to a PDF download page that redirects to another site, in other cases.

Whichever way the link goes, the user ends up on a site that requires Microsoft 365 security credentials to sign in.

Phishing attacks targeting the users of Microsoft 365 or other cloud-based or on-premises computing tools are a persistent cybersecurity issue. Be sure to guard your IT systems with all you’ve got, from antivirus solutions to Microsoft Defender ATP.

For any cybersecurity-related problem or question, write us a message in the comments box below.