Email phishing scams are on the rise, including a new cyber-threat called “PhishPoint” that is targeting Office 365 and SharePoint users via email.
Generally, victims receive an email purporting to have been sent by a known colleague/title. However, these emails are often sent from random email domains (e.g., Gmail, AOL, Yahoo, etc.) rather than an expected domain (e.g., MSBA.org).
What’s the Goal?
These scammers seek to:
The recent PhishPoint hack emails – often bearing subject lines of “URGENT”, “ACTION REQUIRED”, or the like – feature a SharePoint link directly embedded in the email. The link will give the appearance of a legitimate SharePoint documents, and will replicate the look of the Office 365 login page. In this case, the primary goal of the PhishPoint hacker is to obtain your login information from that screen.
What Should You Do?
To avoid falling prey to PhishPoint, or phishing scams in general, follow these essential steps:
In addition to the guidance we provided in the original message below, here’s some information from the Federal Trade Commission on Phishing.
For more information on phishing, visit the Federal Trade Commission’s Consumer Information page. Remember – if an email message appears odd or requests something atypical, it merits closer review before you take any action.