Email phishing scams are on the rise, including a new cyber-threat called “PhishPoint” that is targeting Office 365 and SharePoint users via email.

Generally, victims receive an email purporting to have been sent by a known colleague/title. However, these emails are often sent from random email domains (e.g., Gmail, AOL, Yahoo, etc.) rather than an expected domain (e.g., MSBA.org).

What’s the Goal?

These scammers seek to:

  1. Get you to respond so they can follow up with further requests for you to provide information or take some action (e.g., send them money);
  2. Get you to provide login information so they can attempt to use it on a variety of websites; or
  3. Have you access a file/link so they can infect your system with viruses that will allow them to take control of your machine, infect others, and other purposes.

The recent PhishPoint hack emails – often bearing subject lines of “URGENT”, “ACTION REQUIRED”, or the like – feature a SharePoint link directly embedded in the email. The link will give the appearance of a legitimate SharePoint documents, and will replicate the look of the Office 365 login page. In this case, the primary goal of the PhishPoint hacker is to obtain your login information from that screen.

What Should You Do?

To avoid falling prey to PhishPoint, or phishing scams in general, follow these essential steps:

  1. Carefully screen your emails from clients and coworkers. If something doesn’t look right, do not open it.
  2. Brief yourself on the basic warning signs of an email hacker
  3. Make sure to backup your systems frequently. The only way to guarantee recovery of your data in the wake of a cyber-attack is to have accurate and reliable backup files ready.

In addition to the guidance we provided in the original message below, here’s some information from the Federal Trade Commission on Phishing.

For more information on phishing, visit the Federal Trade Commission’s Consumer Information page. Remember – if an email message appears odd or requests something atypical, it merits closer review before you take any action.