Security Alert: SharePoint Phishing Attack on Office 365 Users
There's a new SharePoint Phishing Attack scam circulating for stealing login credentials. Office 365 users are being targeted by malicious invites sent via email to open a SharePoint document. The link will take you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- do not click this link.
This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be seen.
How You Can Protect Yourself And Your Organization:
There are a multitude of resources out there to help you protect yourself against phishing attacks. Below are a few good tips.
- Education is your best defense. Stay up to date on the latest phishing techniques and how to avoid them.
- Change your online passwords regularly, use different passwords for each site, and consider using a password manager to help you manage and update your online passwords.
- Whenever you're submitting login credentials to any site, make sure to check the URL of the page for accuracy.
- Also, remember to always hover over links to see where they are taking you.
- Finally - remember, Think Before You Click.
Phishing.org has some additional tips that you can take advantage of. If you have questions about how this Office 365 specific attack might affect your organization, feel free to give us a shout at 817.337.0300 or email us at firstname.lastname@example.org