Legitimate Microsoft SharePoint notifications are fooling even the most tech-savvy workers as threat actors look to set up phishing scams to target more businesses, security experts have warned.
A report from Kaspersky (opens in new tab) detected more than 1,600 malicious notifications between December 2022 and February 2023 as cybercriminals targeted businesses in Austria, France, India, Italy, Japan, the Netherlands, Russia, Singapore, South Korea, Spain, and the US.
However, despite the misleading email notifications, there are some clear signs to help businesses detect potential scam activity.
SharePoint phishing scams
Legitimate emails of shared files are received by companies using Microsoft 365’s online collaboration tools, with no dubious link in sight, helping emails to bypass the security filters that typically prevent users from receiving such emails.
The shared OneNote file then contains another notification of a file that has been shared, this time to a file like a PDF.
When a user clicks on this icon, the phishing scam picks up the pace as a dodgy link opens, urging the user to sign in to their Microsoft account. At this point, an unassuming user shares their login credentials, putting their own and their company data at risk. Yahoo, AOL, Outlook, and Office 365 are all offered as login methods and are flagged by Kaspersky as vulnerable accounts.
Some advice shared by the security firm’s spam analysis expert includes being weary of the initial email given the apparent lack of a colleague’s name or email, and lack of message in the body. Later, the phishing link’s web address shows no sign of connection to Microsoft or company servers, raising red flags.
Ultimately, with little protection against such sophisticated attacks compared with more rudimentary phishing emails, regular training and refreshing on the part of the company remains one of the best weapons against attacks.
