Three forms of phishing attack on Office 365 explained
While Office 365 and collaborative software like SharePoint are excellent solutions for inter-office communication and file sharing, there is no doubt they are an attractive target for phishing schemes. The following are three of the main forms of attack you need to recognise:
Attacks via message subject line
A common form of phishing attack uses a hook in the email subject line requesting instant action. The email title will have an alarming message suggesting urgent action is required for the recipient to continue using their account. It will insist they need to update their personal information in order to re-validate it.
To bypass reputation-based filtering systems, the email links to a legitimate website that has been compromised. The link in the email points to a page hosted on the unwitting site owner's domain, which lends it a false legitimacy in the eyes of security filters. Through this technique, the phisher fools the user into disclosing their login details.
Attacks via Voice message
This personalised attack begins with an email in Office 365 Outlook. The user receives an email alerting them that they have missed a call but have been left a voice message. It will mention their name and telephone number specifically in the message content for authenticity. The message will state that the voice message is from a legitimate-looking number with a link for the recipient to click on to hear their message.
This link is in fact a phishing attack link and will take the user to an interface that looks identical to a Microsoft login screen where they will unwittingly part with sensitive account information. These links come in many forms and could be disguised as what appears to be an official Microsoft email or a SharePoint hosted PDF from a compromised SharePoint site that contains a link to the bogus log-in screen.
Attacks via shared files
In this attack, the phisher sets up a free trial of Office 365. It’s simple for them to set up a subscription with just an email address, which can be created specifically for the attack. Once established, the phisher composes a series of documents inside SharePoint and then emails various individuals in different organisations with an invitation to edit the shared files. The files are usually sent from common names, like Sarah or John, to further convince the user that they come from a known source.
As this is a legitimate sharing request from SharePoint, it does not attract the attention of malware-scanning systems. The file shared with the recipient will look, for all intents and purposes, exactly like a OneDrive file. When opened, the file displays a page identical to the OneDrive login screen, and when the user enters their details the phisher steals the user’s account credentials.
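All three lures share one trait a mail filter can act on: lure wording (urgent re-validation, a missed voice message, a shared-file invitation) combined with a link that leads somewhere other than your own tenant's Microsoft sign-in or SharePoint hosts. The triage script below is an added example, not code from WM Reply or Microsoft; it assumes a tenant named "contoso", uses constructed sample messages, and its cue lists are illustrative rather than exhaustive.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Lure wording drawn from the three attack forms above (constructed cue lists, not exhaustive).
LURES = {
    "urgent re-validation": ("re-validate", "update your personal information", "continue using your account"),
    "missed voice message": ("missed call", "voice message", "voicemail"),
    "shared-file invitation": ("shared a file", "invited you to edit", "make edits"),
}
# Hosts a genuine sign-in or share link for OUR tenant lands on (assumption: tenant named "contoso").
TRUSTED_HOSTS = ("login.microsoftonline.com", "contoso.sharepoint.com", "contoso-my.sharepoint.com")

def message_text(msg):
    """Concatenate the decoded text/plain and text/html bodies of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def host_is_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def triage(raw_email):
    """Return (flagged, matched lures, untrusted links). Flag only when lure wording is paired
    with a link leaving our tenant's hosts, so a genuine internal share notice is not flagged."""
    msg = message_from_string(raw_email)
    text = (msg["Subject"] or "") + "\n" + message_text(msg)
    lowered = text.lower()
    lures = [name for name, cues in LURES.items() if any(c in lowered for c in cues)]
    links = re.findall(r"https?://[^\s\"'<>]+", text)
    untrusted = [u for u in links if not host_is_trusted(u)]
    return bool(lures) and bool(untrusted), lures, untrusted

# Constructed sample messages: one per lure described above, plus a benign internal share.
SAMPLES = {
    "subject_line": "Subject: Action required: re-validate your account today\n\n"
                    "Update your personal information here: https://hacked-charity.example/o365/login\n",
    "voicemail": "Subject: Missed call from +1 555 0100\n\n"
                 "Hello Sarah, you have a new voice message: https://vm-portal.example/play?id=17\n",
    "shared_file": "Subject: John shared a file with you\n\n"
                   "John invited you to edit the budget: https://trial-tenant-my.sharepoint.com/personal/john/doc1\n",
    "benign": "Subject: Sarah shared a file with you\n\n"
              "Open it here: https://contoso-my.sharepoint.com/personal/sarah/report.docx\n",
}
# e.g. triage(SAMPLES["benign"]) -> (False, ['shared-file invitation'], [])
```

The benign sample shows why the link check matters: the wording of a real internal share notification matches the lure list, and only the destination host separates it from the phishing copy.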
If your company has concerns and questions regarding phishing attacks and the safety of your use of collaborative software platforms, such as SharePoint, talk to our team at WM Reply. We specialise in Microsoft technology, including Office 365 and SharePoint, and will be happy to help.