New Office 365 cyberattack on the loose

Posted on Monday August 27, 2018

Phishing scams disguise malicious links and emails as messages from trusted sources. The most recent scam to watch out for almost perfectly imitates a trusted invitation to collaborate through Microsoft SharePoint. It's a three-step attack that's easy to avoid if you know how it works.

Step 1 - Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft's file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 - Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there's no reason to send an email containing a link to a page with nothing but another link.

Step 2 allows hackers to evade Outlook's security scans, which monitor links inside emails for possible phishing scams. But Outlook's current features cannot scan the text within a file linked in the email. Once you've opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 - Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender's address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site's URL before entering your password. A zero can look very similar to the letter 'o' (e.g. 0ffice.com/signin).
Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.

Celebrating 35+ Years

Off-Site Cloud Backups

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016