Beware of a SharePoint Phishing Scam Designed to Steal Your Office 365 Credentials


Some criminal tactics work so well year after year at fooling people into clicking malicious links or downloading malware-laden attachments that they spawn multiple variations.

Phishing is responsible for 90% of all data breaches, and just about every business on the planet has been the recipient of a phishing email. It continues to be the most popular tool in a hacker’s toolbox because it continues to work, and there are so many ways to deploy phishing.

When planning IT security solutions for business, phishing continues to be difficult to combat because it can take so many forms. A few of these include:

· Phishing with email attachments
· Phishing with malicious links
· Text phishing (smishing)
· Social media phishing
· Targeted spear or whale phishing

And once people get wise to one type of phishing ploy, scammers quickly adjust and bring out brand new ones. One of the newer ones that was first spotted in 2018 is a SharePoint/OneDrive phishing scam that tricks users into giving up their Office 365 login credentials.

The SharePoint scam is clever in that it disguises itself as a common type of email that companies using Office 365 might see every day - an invitation to collaborate on SharePoint. 

It looks legitimate at first but is really redirecting the user to a spoofed login page to steal their username and password.  

How Does the SharePoint/OneDrive Scam Work?

This phishing scam begins when a user receives a seemingly normal invitation to collaborate through SharePoint, and it will include a link to a OneDrive document. The link will appear legitimate, having “onedrive” in the URL as it should, which tricks many users into letting their guard down and believing it to be real.

The trick of this type of phishing scam is that the link really IS a link to a OneDrive document that the scammer has put up. Because the link points to a trusted resource, it can slip past many anti-phishing programs that only scan for known-malicious links.

This is one way that phishing keeps evolving. As scammers find their ploys getting blocked, they look for ways around the filters, and hosting links on services like OneDrive or Google Drive that a security app is not programmed to flag as dangerous is one of them.

The next step in the ploy happens when the user clicks the OneDrive document link in the email to access the shared file. It directs them outside of OneDrive to a third-party website with a spoofed Microsoft Office 365 login page.

The page is designed to look exactly like the real thing. Users have seen the genuine sign-in page so many times that they don’t think twice about entering their login credentials.

As soon as the employee enters their login, the scammers have it. The person may then realize something is not right, because the shared document they were expecting never appears. Others may shrug it off as the SharePoint service just not working properly.
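The flow described above, a genuine OneDrive or SharePoint share link that redirects to a credential prompt on an outside host, is only visible if you judge the landing page rather than the first hop. The following script is an added example, not code from the original article or from BrainStomp: it parses constructed click-tracking log lines (the log format, the `.example` hostnames and the set of trusted document and sign-in hosts are all assumptions made for this example) and flags a click whose chain starts on a trusted file-sharing host but ends on a page with a password form outside Microsoft's sign-in domains.

```python
"""Triage clicked links by where the redirect chain *ends*, not where it starts.

Added example (not from the article). Log format and hostnames are assumptions
constructed for this demonstration.
"""
import re
from collections import OrderedDict
from urllib.parse import urlparse

# Hosts a legitimate OneDrive/SharePoint share link starts on (assumption;
# extend with your own tenant's hosts).
TRUSTED_DOC_HOSTS = {"onedrive.live.com", "1drv.ms"}
TRUSTED_DOC_SUFFIXES = (".sharepoint.com",)

# Hosts that legitimately present the Microsoft 365 sign-in form (assumption).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Constructed click-tracking log: one line per hop; 'form=password' means the
# fetched page contained a password field. This format is invented here.
SAMPLE_LOG = [
    "2024-05-01T09:12:01Z click=1 user=alice url=https://onedrive.live.com/?id=ABC123&cid=9F form=none",
    "2024-05-01T09:12:02Z click=1 user=alice url=https://docs-share.example/o365/login form=password",
    "2024-05-01T09:15:10Z click=2 user=bob user=bob url=https://bad.example form=none",  # malformed, skipped
    "2024-05-01T09:15:10Z click=2 user=bob url=https://example-tenant.sharepoint.com/:w:/r/Shared%20Documents/q3.docx form=none",
    "2024-05-01T09:15:11Z click=2 user=bob url=https://login.microsoftonline.com/common/oauth2/authorize form=password",
    "2024-05-01T09:20:00Z click=3 user=carol url=https://news.example/article form=none",
    "2024-05-01T09:25:00Z click=4 user=dave url=https://portal.example/signin form=password",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) click=(?P<click>\d+) user=(?P<user>\S+) url=(?P<url>\S+) form=(?P<form>\S+)$"
)


def hostname(url: str) -> str:
    """Lower-cased host part of a URL ('' if unparsable)."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_doc_host(host: str) -> bool:
    # Suffix check requires the leading dot, so 'sharepoint.com.evil.example' fails.
    return host in TRUSTED_DOC_HOSTS or host.endswith(TRUSTED_DOC_SUFFIXES)


def is_legit_login_host(host: str) -> bool:
    return host in LEGIT_LOGIN_HOSTS


def parse_clicks(lines):
    """Group log lines into ordered hop lists keyed by click id."""
    chains = OrderedDict()
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # lines that do not fit the constructed format are ignored
        chains.setdefault(m["click"], []).append(m.groupdict())
    return chains


def classify_chain(hops):
    """Return (verdict, landing_host) for one click's redirect chain."""
    start_host = hostname(hops[0]["url"])
    end_host = hostname(hops[-1]["url"])
    if hops[-1]["form"] != "password":
        return "no_credential_prompt", end_host
    if is_legit_login_host(end_host):
        return "legit_login", end_host
    if is_trusted_doc_host(start_host):
        # The pattern from the article: a real share link ending on a
        # look-alike sign-in page hosted elsewhere.
        return "suspicious_share_to_credential_page", end_host
    return "credential_prompt_off_microsoft", end_host


def triage(lines):
    """Map click id -> {user, verdict, landing_host} for every chain in the log."""
    results = {}
    for click, hops in parse_clicks(lines).items():
        verdict, end_host = classify_chain(hops)
        results[click] = {"user": hops[0]["user"], "verdict": verdict, "landing_host": end_host}
    return results


if __name__ == "__main__":
    for click, r in triage(SAMPLE_LOG).items():
        print(f"click {click}: {r['user']:6} {r['verdict']:40} -> {r['landing_host']}")
```

Click 1 is the case the article describes and is the only one that gets the `suspicious_share_to_credential_page` verdict; click 2 shows the same first hop ending on a genuine Microsoft sign-in host and is left alone. The design point is that the first URL, the one most link filters examine, is identical in both cases, so the decision has to rest on the landing host and whether it asks for a password.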

What Can Hackers Do with My Office 365 Credentials?

Login credentials for an Office 365 account can score a hacker anywhere between $15-$100 each, with administrator logins being sold for the most money.

They’re so valuable because they can let criminals into all sorts of areas of the platform for nefarious reasons. With your login credentials for Office 365, hackers can access:

· Email (for sending spam and more phishing)
· Cloud storage with sensitive business information
· Other user accounts, if the stolen login is an admin login

Why This Phishing Attack is Particularly Dangerous 

There are two key factors at play with the SharePoint phishing scam that make it particularly dangerous for an organization.

One is the trust factor. Users are seeing a standard OneDrive link in an email that they will typically trust. Some employees also may think that the SharePoint invitation must be an internal one and anything coming from their own company’s system would be safe.

The second factor is the ability of these phishing links to get past security applications, like Microsoft’s Advanced Threat Protection. These services won’t typically identify a OneDrive file link as malicious, so the email gets through. This also causes the user to place trust that it’s legitimate, because they mistakenly think, “the security software would’ve caught it if it wasn’t real.”

Tips to Avoid Falling for the SharePoint Phishing Scam

While phishing is getting more sophisticated, that doesn’t mean you don’t have any defenses against it. There are several things that your business can do to safeguard your Office 365 platform from this type of scam.

· Educate Your Users: Conduct ongoing employee cybersecurity education about this and other phishing threats, so users know what to be on the lookout for.
· Use Multi-factor Authentication: Multi-factor authentication can stop a thief from using stolen login credentials for your Office 365 account, because they won’t have access to the device that receives the login PIN.
· Use a Web Filtering Application: Security applications that include web filtering can warn users when they’ve just clicked through to a dangerous page, including pages designed to spoof a login page.
· Protect Workstations with Endpoint Protection: A third-party endpoint protection application can often catch phishing emails that other software might miss.

Get Help Securing Your Office from Phishing Attacks

Phishing comes in multiple forms and is constantly evolving. Make sure you have a cybersecurity strategy in place that can keep your data protected. BrainStomp can help you with the best security solution based upon your office software and workflows.

Schedule a free security consultation today! Call 260-918-3548 or reach out online.