There is a new email Phishing attack, called “PhishPoint” focused on users of the Office365 platform, specifically related to the use of OneDrive and SharePoint.
The scam looks very authentic to you and your users and many people have already fallen victim.
What you need to know, and what to do:
- The attack is sent through as email directed to your users focused on getting them to fall victim to sharing their Office365 credentials.
- The email subjects will have something like the word URGENT in order to get the users attention.
- Inside that email is a link which takes the user to a legitimate SharePoint Online URL.
- Then it brings the user to what appears to be an Office365 login page
- If the user enters their credentials into the fake site, then they’ve been scammed.
There is also a scam saying that users HAVE A NEW VOICE MESSAGE and that it is coming from Office 365 Audio Conferencing.
It has a link that says Listen to Voice Message Here
This is a Scam! Do not click on the link
What can you do about it?
- Alert all of your employees of this scam, so they don’t fall victim to what seems like a very legitimate email.
We can add a optional advanced threat protection that scans all incoming emails with attachments and links of any kind. This provides for a more secure environment and we can also limit incoming email to only come from certain areas of the world and languages. Then lastly we can incur rules we have been adding from known spammers to limit incoming spam mail they may receive. The additional fee that incurs with this license is $1.25 per user on top of our regular email pricing. Let me know if you have any further questions and I can go into details