LET'S TALK
866.PICK.ITS
CLIENT CHAT
News / Tech News
BACK TO NEWS
PhishPoint: Office 365 Latest Phishing Attack

PhishPoint: Office 365 Latest Phishing Attack

The attack dubbed “PhishPoint” by Cloud Security vendor Avanan demonstrates the craftiness and extent cybercriminals will go to harvest Office 365 credentials. This latest attack uses several familiar aspects of Office 365 to lure potential victims into assuming it's legit. 

Here’s how the PhishPoint attack works:

1.  The user receives the malicious email –The email contains a link to a SharePoint Online-based document. The email creates a sense of urgency as most other phishing attacks.

2.  The link directs to SharePoint – Attackers are using true-to-form SharePoint Online-based URLS, which adds credibility and legitimacy to the email and link, since the user is being directed to a known-good hosting site.

3.  Users are shown a OneDrive prompt – The SharePoint file impersonates a request to access a OneDrive file (again, a known cloud entity), with an "Access Document" hyperlink that is actually a malicious URL, as shown below.

4.  Users are presented with an Office 365 logon screen – Here is where the scam takes place. Using a very authentic-looking logon page where the cybercriminals harvest the user’s credentials.

PhishPoint marks an evolution in phishing attacks, where hackers go beyond just email and use SharePoint to harvest end-users' credentials for Office 365.

Essentially, hackers are using SharePoint files to host phishing links. By inserting the malicious link into a SharePoint file rather than the email itself, hackers bypass Office 365 built-in security. While this security flaw has since been resolved, these instances are constant reminders that scam artists are constantly looking for new ways to penetrate your business.

How to Protect Yourself

Like many of the phishing instances we've discussed and seen, these attacks are designed to be visually indistinguishable from work-related emails that appear safe.

  • Be skeptical of any email subject line that capitalizes buzzwords for workplace stress, like URGENT or ACTION REQUIRED.
  • Be suspicious of URLs in the body of the email.
  • When presented with a login page, look at the URL to see if it is actually hosted by the service it is asking you to log into. 
  • If you receive an unexpected or uncharacteristic email from someone at your organization, contact them to ensure they actually sent it.
  • Activate Multi-Factor Authentication to secure your accounts on software platforms.

At IT Solutions we have a number of processes in place to keep your data safe from attacks like this. If you're interested in learning about our advanced security package, talk to your vCIO or contact us today. 

BACK TO NEWS

ITS Email Newsletter Archive

Connect With Us

Facebook Twitter RSS Youtube LinkedIn

We have a great technology newsletter. Check it out.

Solutions
Managed IT Services
Cloud Services
NearCloud
Office 365
Hybrid Cloud
On-Premise IT Services
Advanced
Guardian
Application Development
Web Applications
Web Design
Azure
Filemaker
Sharepoint
Industries
SharedVision for Business
SharedVision Legal
SharedVision Finance
SharedVision MD

Success Stories
Managed Services
SharedVision
NearCloud
Application Development
FileMaker
Web Applications

News & Training
ITS News & Events
Training

About
Company
Awards
Refer IT Solutions
Partnerships
Founder Q&A

Careers
Working At ITS
Current Positions

Contact

Site Map
Legal

© 2019 IT Solutions Consulting, Inc. All rights reserved. Privacy Statement
IT Solutions
Top