Notice: Our Burlington office at 200 Church St will be closed Wednesday, October 30 for offsite Customer Service training. Walk-in and phone support for Customer Service will be unavailable. Technical Support will still be available by phone or in person at our Essex Junction office.

On Thursday, October 31, the Burlington lobby will be closed to walk-ins due to construction inside the office. Customer Service will be available by phone with our team working remotely.

Our Essex Junction office located at 62 Pearl St will be open both days. Need help? Call Customer Service or Technical Support at 802-540-0007.

Office 365 Phishing Attack

 

The evil hackers of the world are at it again. This time, phishers are sending fake emails to Office 365 users via malicious links inserted into SharePoint documents. This latest trick allows phishers to bypass the platform’s built-in security.  The campaign, dubbed “PhishPoint,” is spread to victims via emails containing a SharePoint document and invitation to collaborate. However, when clicked, the file contains a nasty URL that snatches end users’ credentials.  The phishing attack has hit some 10% of Office 365 customers globally.

The Problem

The victim receives an email containing a link to a SharePoint document. The body of the message is identical to a standard SharePoint invitation to collaborate. After clicking the hyperlink in the email, the victim’s browser automatically opens a SharePoint file. The SharePoint file content impersonates a standard access request to a OneDrive file, with an ‘Access Document’ hyperlink that is actually a malicious URL.

The Good News

Office 365 has multiple layers of defenses that detect this type of attack. Users are still encouraged to check the authenticity of the links prior to clicking them, avoid opening links in emails from senders they don’t recognize, or visiting unsecured sites.  Basic good practices include being aware of any email subject line that capitalizes buzzwords (like “Urgent” or “Action Required”) and staying suspicious of any URLs that show up in the body of emails.

 

bt logo
Translate »