A phishing attack has been discovered which sends e-mails telling you that a colleague has sent you a file in SharePoint or OneDrive:

This e-mail contains a link which takes you to a page that looks like the Microsoft sign-in page:

If you sign in on this spoofed page, your username and password are sent straight to the attacker.

The Technical Bit

With that in mind, here is how the attack works. The attacker sets up a free trial of Office 365. Once the trial tenant is up and running, the scammer creates a series of documents within SharePoint and sends users in other organisations an invitation to edit one of them. Because this is a genuine SharePoint sharing invitation, sent by Microsoft's own service, it passes through the malware-scanning engine untouched.

The document that is shared with the unsuspecting user is made to look like a OneDrive file. When the user tries to open it, they are presented with a fake OneDrive login screen, and any credentials typed into it are captured by the attacker.

The scary thing about this attack is that it completely circumvents many of the conventional defences. Your anti-malware software probably isn't going to detect it, because the link in the e-mail is legitimate and there is no attempt to implant malware. The attacker is stealing credentials, not infecting machines. What the attacker cannot do is host the fake page on Microsoft's own sign-in domain, so whatever a sign-in page looks like, check the address bar before typing your password: the genuine Microsoft sign-in page is served from login.microsoftonline.com, and a lookalike such as login.microsoftonline.com.example.net is a different site altogether.
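A simple check that a help desk or mail team could run over the text of a suspicious sharing e-mail or shared document, as an added example that is not part of Net Essence's advisory: it pulls out every link, parses the host properly (so tricks such as a fake host in the user-info part of the URL are seen through) and reports whether the host is a genuine Microsoft sign-in host, another Microsoft-owned domain, a lookalike that merely contains a Microsoft brand name, or an unrelated external site. The host lists are assumptions to be tuned for your own tenant, and the sample document text is constructed for the example.

```python
"""Classify links found in a shared document or sharing e-mail.

Added example for this advisory, not code from Net Essence or Microsoft.
The host lists below are assumptions (a starting point to tune per tenant);
the sample document text is constructed.
"""
import re
from urllib.parse import urlsplit

# Hosts that genuinely serve the Microsoft / Office 365 sign-in page (assumption: extend as needed).
TRUSTED_SIGNIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
}

# Microsoft-owned domains; a host must equal one of these or sit under it (assumption: extend as needed).
MICROSOFT_SUFFIXES = (
    "microsoftonline.com",
    "microsoft.com",
    "live.com",
    "sharepoint.com",
    "office.com",
)

# Brand words that a spoofed sign-in host will usually contain somewhere.
BRAND_TOKENS = ("microsoft", "office", "onedrive", "sharepoint", "live")

URL_RE = re.compile(r"https?://[^\s\"'<>()]+")


def classify_url(url: str) -> str:
    """Return 'trusted-signin', 'microsoft', 'lookalike' or 'external' for one link."""
    parts = urlsplit(url)
    # .hostname strips any user-info, so "https://login.microsoftonline.com@evil.example/"
    # resolves to evil.example rather than to the Microsoft name in front of the '@'.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "external"
    is_microsoft = any(host == s or host.endswith("." + s) for s in MICROSOFT_SUFFIXES)
    # The genuine sign-in page is only ever served over HTTPS; anything else is treated as suspect.
    if is_microsoft and parts.scheme == "https":
        return "trusted-signin" if host in TRUSTED_SIGNIN_HOSTS else "microsoft"
    if any(token in host for token in BRAND_TOKENS):
        # e.g. login.microsoftonline.com.attacker.example or microsoft-login.example
        return "lookalike"
    return "external"


def find_suspicious_links(text: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for every link that does not point at a Microsoft-owned host."""
    findings = []
    for url in URL_RE.findall(text):
        verdict = classify_url(url)
        if verdict in ("lookalike", "external"):
            findings.append((url, verdict))
    return findings


# Constructed sample: a real-looking SharePoint link followed by a lookalike sign-in link.
SAMPLE_DOCUMENT = """
Your colleague shared "Invoice Q3.docx" with you.
Open: https://contoso.sharepoint.com/:w:/s/Finance/Invoice.docx
Sign in to view: https://login.microsoftonline.com.docs-share.example/common/oauth2/authorize
"""

if __name__ == "__main__":
    for url, verdict in find_suspicious_links(SAMPLE_DOCUMENT):
        print(f"{verdict:10s} {url}")
```

Run it over the body of the e-mail or the text of the shared document; a link whose host contains a Microsoft brand name but is not actually under a Microsoft domain is the signature of this attack, and a link to a plain external host is worth a second look before anyone types credentials into it.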

If you receive any e-mails that you are unsure about, please contact us and one of our colleagues at Net Essence will be pleased to advise.

If you would like to receive these important messages from us in future, please click on this link to subscribe to our mailing list. This list will not be used for any sales or marketing purposes and will not be shared with anyone.