Phishing Using Fake Links

Phishing Using Fake Links

SharePoint phishing fraud targets home workers (2021)

April 2021 saw yet another phishing attack emerge that appears specifically designed to target remote workers using cloud-based software.

The attack begins when the target receives an email—written in the urgent tone favored by phishing scammers—requesting their signature on a document hosted in Microsoft SharePoint.

The email looks legitimate. It includes the SharePoint logo and branding familiar to many office workers. But the link leads to a phishing site designed to siphon off users’ credentials.

Phishing attacks increasingly aim to exploit remote collaboration software—Microsoft research suggests nearly half of IT professionals cited the need for new collaboration tools as a major security vulnerability during the shift to working from home.

How to detect such a phishing fraud?

  1. Stay Calm Amidst Urgency

    • Phishers often employ a tone of urgency to provoke immediate action from their targets. Emails may claim that your account is at risk of being closed or that urgent action is required to update your information. It's crucial to remain calm and not let the urgent tone cloud your judgment. Real organizations understand the importance of security and are unlikely to demand immediate action through email.
  2. Verify the Sender's Email Address

    • Always check the sender's email address for authenticity. Phishing emails might look legitimate at first glance, but a closer inspection of the sender's email address can reveal inconsistencies or strange variations. Always check the exact From email and not the From name. Always check the domain name in mailed-by and signed-by.

  3. Scrutinize the URL Before Entering Credentials

    • Before entering any personal information or credentials, make sure the URL in your browser matches the legitimate website of the company claiming to have sent the email. Phishers can create fake websites that mimic real ones. Check for misspellings in the URL or any unusual characters. A secure website should also begin with "https://" and display a padlock icon near the address bar, indicating encryption. Check the below the subdomain is but the domain is not correct.

What is URL phishing and how to avoid it - Surfshark

  1. Implement Two-Factor Authentication (2FA)

    • Two-factor authentication adds an extra layer of security by requiring a second form of verification beyond just a password. Even if a phisher manages to obtain your password, they would still need the second factor—usually a temporary code sent to your phone or generated by an authenticator app—to access your account. Always enable 2FA on all accounts that offer it, as it significantly increases your security against phishing and other forms of cyber attacks.