skip to Main Content

PhishPoint: Phishing Scam Attack Of The Week On Office 365 Users

Our topic today are the sharks in our digital waters this week. The latest Microsoft phishing attack, dubbed “PhishPoint,” demonstrates the lengthy extents in which cyber criminals will go to obtain confidential information.

In the most recent PhishPoint security breach, these hackers were able to use Microsoft’s Online platform to gain this information from users.

Here’s what happened and most importantly, here’s how you can protect this from happening to you, your employees or your clients if you’re an Office 365 User.

Baaa dum….Baaa Dum…”PhishPoint” Phishing Scam On Office 365 Users…Here’s How PhishPoint Attacks Work:

  • The user is sent an email via the attacker – The words URGENT or ACTION REQUIRED are usually used to instill a sense of urgency. (Dun dun dun dun dun….)
  • The email contains a link to a SharePoint Online document. The Attackers are using realistic SharePoint Online-based URLs, adding credibility and legitimacy to the attack email because the users are being directed to a well- known hosting site.
  • This link leads the user to a OneDrive prompt – The SharePoint file mimics a request to access a OneDrive file, with an “Access Document” hyperlink that is a malicious URL.
  • Dun dun dun dun dun dun duuuunnnn!!! An Office 365 login screen is then presented to the user. Using a realistic looking login page, cybercriminals can collect the user’s credentials.

These PhishPoint Phishing email scam attacks are particularly sneaky because while Microsoft does scan emails for suspicious links and attachments, a link to their own SharePoint Online would often go unnoticed. Attackers were left with an easy platform to violate, as Microsoft does not scan files hosted on SharePoint.

Here’s What Didn’t Add Up: What To Look For To Prevent Office 365 PhishPoint Attacks

Users with knowledge of cybersecurity and protocols may have had a better chance of spotting these attacks. In this specific attack, several aspects stood out:

  • The email was unsolicited and contained a generic subject line of “X has sent you a OneDrive for Business file.”
  • There were several user- initiated steps to open the documents
  • The URL for the Login Page wasn’t associated with the Office365.com domain
  • The “PhishPoint” attack represents the risks associated with the use of cloud-based technologies. By making these scams more realistic, users can take advantage of the lowered levels of alertness and cautiousness and acquire access to confidential resources online without organizations or individuals knowing.

Scammers Collect Credit Card Information Using E-Mails

Scammers have also devised a way to collect credit card information using e-mails. They do this by claiming to be from Optus, a major Australian telecommunications company. The Australian Communication and Media Authority (ACMA) say these emails are disguised as unpaid invoices in need of an updated credit card information. The ACMA stated that the falsified emails are hard to detect since they use a web address similar to the real Optus website.

When the user accesses the site, the visitor is prompted to click on a “pay your bill” link which opens up a fraudulent page where the user then enters the credit card information. The ACMA noted the importance of checking the email links for validity as a way of keeping your information safe from cyber criminals. They advised anyone receiving one of the “We are unable to process your last payment” or similar email messages to delete them immediately.

Unfortunately, the Optus and Microsoft scams aren’t unique. Last month the Australian government also issued warning about an email scam claiming to be from Medicare. Criminals requested wire transfer information so they could receive others benefits. This sort of information could be used to make fraudulent electronic withdraws.

A New Breed Of Shark: Fraudulent Cryptocurrency Offers

A relatively new social engineering scam has taken place alongside traditional phishing emails, they’re known as fraudulent cryptocurrency offers. Kaspersky Lab’s report on phishing for the second quarter of 2018 showed that 35.7% of observed attempts were against financial organizations and customers. Customers are targeted through banking or payment services. 107 million attempts were tracked. 21.1% of the attacks targeted banks, 8.17% targeted e-shops, and 6.43% went after payment services.

The lead content analyst at Kaspersky Lab, Nadezhda Demidova, says that the rise of such attacks reflects the fact that more people are using electronic payment systems. Many of these users are unaware of their potential risks, which leaves them an attractive target for social engineering.

Cyber criminals increasingly try to convince their victims to transfer cryptocurrency into a fraudulent wallet. These attempts often include offers of free distributions of cryptocurrencies, or they seek to exploit the allure surrounding the names of new initial coin offerings (ICO).

Kaspersky estimates that more than 2.3 million dollars have been stolen this way during the second quarter of 2018. Brazil topped the list of phishing attacks at 15.51%, followed by China and Georgia, both at 14.44%, Kirghizstan at 13.6%, and Russia at 13.27%. China was the largest producer of spam.

Bottom Line? Knowledge Is Prevention.

The overarching lesson learned through these scams is to check the credentials of emails carefully before you click on any links they contain and never give personal information over email. And for organizations, if your practices and protocols allow you to ask your employees or clients for sensitive information by email, you probably need to reevaluate your policies.

Phishing Attack Prevention Resources

Back To Top