Fake Microsoft SharePoint alerts used to share malware
Security experts warn that legitimate Microsoft SharePoint notifications are fooling even the most tech-savvy employees as threat actors look to launch phishing scams to target more businesses. I’m here.
report from Kaspersky (opens in new tab) detected over 1,600 malicious notifications between December 2022 and February 2023. Cybercriminals targeted companies in Austria, France, India, Italy, Japan, Netherlands, Russia, Singapore, South Korea, Spain, and the United States.
However, despite the misleading email notification, there are some telltale signs that can help businesses detect potential fraudulent activity.
SharePoint phishing
Businesses using Microsoft 365 are receiving legitimate emails for shared files. online collaboration toolswhich makes suspicious links invisible and helps emails bypass security filters that normally prevent users from receiving such emails.
Shared OneNote files include separate notifications for shared files. PDF.
The phishing scam picks up pace as users click the icon, which opens a dangerous link and prompts the user to sign in to their Microsoft account. At this point, unpretentious users share their login credentials, putting themselves and company data at risk. Yahoo, AOL, Outlook, and Office 365 are all offered as login methods and flagged as vulnerable accounts by Kaspersky.
Given that some advice shared by spam analysis experts at security firms clearly lacks coworkers’ names and emails, and the lack of a message in the body, it’s a good idea to get fed up with the first email. After that, the web address of the phishing link gives no indication of a connection to Microsoft or the company’s servers and raises a red flag.
Ultimately, there is little protection against such sophisticated attacks compared to more rudimentary phishing emails, and regular training and updates on the company’s part remain one of the best weapons against attacks.
https://www.techradar.com/news/fake-microsoft-sharepoint-alerts-are-being-used-to-share-malware Fake Microsoft SharePoint alerts used to share malware
