Urgent-response type phishing attack hits Office 365 emails


Published on April 29, 2021


Key notes

Researchers at phishing platform Cofense discovered a new phishing attack aimed at Office 365 accounts.

The method used isn’t a novelty: the attackers inserted a fake SharePoint document into an email, requesting urgent review and response.

What makes the event more concerning is that it managed to bypass Microsoft’s security layers, as the report shows:

The campaign was found in an environment protected by Microsoft’s own secure email gateway (SEG). With thousands of individuals still required to telework, this has created a perfect opportunity for hackers to lure their victims with almost picture-perfect sharing themed emails.

The details to look for in a phishing attack

Similar to other phishing scams, this one was also spread via a seemingly legitimate email.

A first notable detail was the sender’s email address: the name wasn’t clear, and it included neither a Microsoft reference nor the organization’s title.

Then, the email contained a team project document apparently uploaded and shared via SharePoint, plus a general message claiming urgent attention and response.

This type of scam falls into the same category as attacks requesting a change/refill of login credentials.

Besides, emails calling for urgency should usually be considered suspicious, especially when they come from an unknown or undisclosed address.

If clicked, the fake link leads to a landing page that displays Microsoft’s SharePoint logo, a blurry background, and a request to log in to view the document.

Of course, upon entering the credentials, the user is taken to an irrelevant document, and only then does one realize it was a scam.
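The indicators described above (unclear sender, urgency wording, a SharePoint-themed link) can be turned into a simple mail triage check. The following is an added example, not code from Cofense or Microsoft; the organization domain, the trusted SharePoint suffix, the keyword list and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: the organization's mail domain and the host suffix of its
# real SharePoint tenant. Adjust both for a real deployment.
ORG_DOMAIN = "example.com"
TRUSTED_SHAREPOINT_SUFFIXES = (".sharepoint.com",)
URGENCY = re.compile(r"\b(urgent|immediately|asap|action required|respond)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message, not taken from the Cofense report.
SAMPLE = """\
From: "Docs" <noreply@mailer.invalid>
To: alice@example.com
Subject: URGENT: review team project document
Content-Type: text/plain

A file was shared with you via SharePoint. Please review and respond immediately:
https://sharepoint-docs.invalid/view?id=123
"""

def triage(raw: str) -> list[str]:
    """Return which of the article's indicators a raw message matches."""
    msg = message_from_string(raw)
    # Only text/plain parts are inspected; transfer decoding is omitted.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []

    # Indicator 1: sender is not from the organization's own domain.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN):
        findings.append("external-or-unknown-sender")

    # Indicator 2: wording that pushes for an urgent response.
    if URGENCY.search(text):
        findings.append("urgency-language")

    # Indicator 3: SharePoint theme, but the link host is not a SharePoint host.
    if "sharepoint" in text.lower():
        for url in URL.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if not host.endswith(TRUSTED_SHAREPOINT_SUFFIXES):
                findings.append(f"sharepoint-lure-offsite-link:{host}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that matches all three indicators is a candidate for quarantine or a user-facing warning banner; any single match on its own is weak evidence.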

The entire scam proves that sharing and accessing sensitive documents via email (even using Microsoft’s protocols) is quite risky. A few common-sense ways to avoid falling victim to such attacks would be to:

Hopefully, this article offered some useful details about phishing scams and how to prevent them. Feel free to leave comments in the section below.


Sinziana Mihalache

Sînziana loves getting people to better understand products, processes, and experiences beyond a simple user guide, either in writing or making use of images. She joined the team after a long-term collaboration with one of the world’s top cybersecurity companies - Bitdefender. Outside work, Sînziana enjoys climbing mountains, backpacking around the world, and writing about almost anything on her blog.
