SharePoint is a popular collaboration platform used by many organisations to manage documents, workflows, and other business-related content. However, cybercriminals are increasingly using hijacked SharePoint servers as a phishing tool to send dangerous notifications that can trick unsuspecting users into clicking on malicious links or downloading malware.
Phishing attacks have been around for decades, and cybercriminals have always found new ways to trick users into revealing sensitive information or installing malware on their devices. However, the use of hijacked SharePoint servers as a phishing tool is a relatively new trend that is gaining popularity among cybercriminals.
Here’s how it works: The cyber attack starts with an unsuspecting employee receiving a notification of a file being shared with them. This notification looks like a standard notification from a genuine SharePoint server, so it is unlikely to arouse suspicion. The employee clicks on the link and is taken to the real SharePoint server, where a OneNote file appears as expected. However, inside the file, there is another notification about a PDF file with an oversized icon. The employee assumes that this is a standard download process and clicks on the link, which is actually a phishing link.
This phishing link takes the employee to a fake login page that looks like the real OneDrive login page. Once the employee enters their login credentials, the cyber attacker can easily steal them and use them to access their Yahoo!, AOL, Outlook, Office 365, or another e-mail service. This attack is successful because it is disguised as a standard notification from a real SharePoint server, making it difficult for employees to recognize it as a phishing attempt.
To prevent your employees from falling victim to phishing emails, they need to be able to identify the telltale signs of a scam. In this particular case, there are several red flags that should alert the employee:
- If the employee doesn’t know who shared the file, best practice is not to open it; a share from a stranger deserves particular suspicion.
- If the employee doesn’t know what kind of file it is and why it’s being shared, they should exercise caution before opening it.
- If the email mentions a OneNote file but the file on the server is a PDF, it may be a sign of a phishing attempt.
- If the opened link takes the employee to a third-party site that’s unrelated to their company or SharePoint, they should be cautious.
- If the phishing email claims that the file is on a SharePoint server but the site mimics OneDrive, which are two different Microsoft services, it may be a sign of a phishing attempt.
- It’s important to ensure that employees verify the sender’s email address and the content of the message before taking any action. If in doubt, contact the sender directly to confirm the legitimacy of the notification.
- All SharePoint servers, and the other software they run, need to be kept up to date so that they are protected against the latest security vulnerabilities; an unpatched server is exactly the kind that ends up hijacked and used to send these notifications.
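The red flags above are, in effect, a set of triage rules that a mail-security team can apply automatically before a notification reaches an inbox. The following Python checker is an added illustration, not code from the original article or from any vendor named on this page. It runs the rules over two constructed sharing notifications: the sender is unknown, the announced file type differs from what the link actually serves, the final landing page is on a host outside the assumed Microsoft allowlist (the `TRUSTED_HOSTS` and `TRUSTED_PARENTS` values are an assumption an organisation would replace with its own tenant configuration), and the landing page presents itself as OneDrive although the e-mail claimed SharePoint. The `Notification` record, the sample addresses and the `*.example` URLs are all constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlist of hosts that genuinely serve Microsoft sharing and sign-in
# pages. An organisation would populate this from its own tenant configuration.
TRUSTED_HOSTS = {"onedrive.live.com", "login.microsoftonline.com"}
TRUSTED_PARENTS = {"sharepoint.com"}  # any <tenant>.sharepoint.com


@dataclass
class Notification:
    """One sharing notification plus what the analyst found behind its link.

    Constructed record for this example: a real pipeline would fill these
    fields from the e-mail headers and from detonating the link in a sandbox.
    """
    sender: str             # address shown in the e-mail
    sender_known: bool      # does the recipient recognise the sender?
    claimed_file_type: str  # file type the e-mail announces, e.g. "onenote"
    served_file_type: str   # file type actually found behind the link
    claimed_service: str    # "sharepoint" or "onedrive", as named in the e-mail
    landing_url: str        # final URL the link chain resolves to
    landing_title: str      # <title> of the page at landing_url


def hostname(url: str) -> str:
    """Lower-cased host part of a URL, or "" if the URL has none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host: str) -> bool:
    """True only for an exact allowlisted host or a subdomain of a trusted parent."""
    if host in TRUSTED_HOSTS:
        return True
    return any(host == p or host.endswith("." + p) for p in TRUSTED_PARENTS)


def presented_service(n: Notification) -> str:
    """Which Microsoft service the landing page *presents itself* as."""
    text = (n.landing_title + " " + hostname(n.landing_url)).lower()
    if "onedrive" in text:
        return "onedrive"
    if "sharepoint" in text:
        return "sharepoint"
    return "other"


def red_flags(n: Notification) -> list[str]:
    """Apply the red-flag rules and return the names of every rule that fired."""
    flags = []
    if not n.sender_known:
        flags.append("unknown-sender")
    if n.claimed_file_type.lower() != n.served_file_type.lower():
        flags.append("file-type-mismatch")
    host = hostname(n.landing_url)
    if not is_trusted_host(host):
        flags.append("third-party-site")
        # A non-Microsoft host that borrows a Microsoft product name is a
        # classic lookalike credential page.
        if any(word in host for word in ("onedrive", "sharepoint", "microsoft")):
            flags.append("lookalike-host")
    shown = presented_service(n)
    if shown != "other" and shown != n.claimed_service.lower():
        flags.append("service-mismatch")
    return flags


def should_quarantine(n: Notification) -> bool:
    """Simple policy: any red flag is enough to hold the message for review."""
    return bool(red_flags(n))


# Constructed sample notifications.
LEGITIMATE = Notification(
    sender="colleague@contoso.example", sender_known=True,
    claimed_file_type="onenote", served_file_type="onenote",
    claimed_service="sharepoint",
    landing_url="https://contoso.sharepoint.com/sites/team/Notes.one",
    landing_title="Notes.one - SharePoint",
)
SUSPICIOUS = Notification(
    sender="share@unknown.example", sender_known=False,
    claimed_file_type="onenote", served_file_type="pdf",
    claimed_service="sharepoint",
    landing_url="https://onedrive-login.example/auth",
    landing_title="Sign in to OneDrive",
)

if __name__ == "__main__":
    for label, n in (("legitimate", LEGITIMATE), ("suspicious", SUSPICIOUS)):
        print(f"{label}: flags={red_flags(n)} quarantine={should_quarantine(n)}")
```

The rules are deliberately independent so each one maps back to a bullet in the list above; in practice the file-type and service checks can only run after the link has been followed in a sandbox, which is why they belong in a gateway or sandbox stage rather than in a simple header filter.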
Regular security awareness training is a critical step in keeping employees informed and prepared to identify and respond to potential cyber threats. A specialised online platform, such as Siccura Cybershield, can provide comprehensive cybersecurity training to employees, covering various types of cyber threats and providing tips on how to stay safe online.
It’s also important to have anti-phishing technology installed on all work devices, in addition to protection at the corporate mail server level. This provides an additional layer of defence against phishing attacks, which can be particularly difficult to identify and prevent. By taking these proactive steps to protect your company’s data and systems, you can minimize the risk of a successful cyber attack and ensure the continued security of your business.