Microsoft SharePoint Phishing Scam

Malicious actors are using Covid-19 and current economic conditions to exploit victims with new phishing scams. The article linked below talks about two similar phishing scams. One scam claims to be giving the user a bonus while mimicking a Microsoft SharePoint notification. The other attempts to spoof a Microsoft Planner email notification. Both scams are trying to steal the user’s Microsoft login credentials. 

“Summer Bonus” Phishing Scam

The scammer sends an email that looks like a legitimate Microsoft SharePoint notification. The email offers what looks like a bonus for the month while also having an “open” button to display an explanatory file. An example of this email is shown below.

If the victim clicks on the “open” button they will be brought to a website that looks very similar to a Microsoft login page. A closer look reveals that this is not a link to a Microsoft login page but to an AppSpot site created by the scammers. Appspot.com is a cloud computing platform for developing and hosting web applications in Google-managed data centers.

If the victim enters their login credentials into the fake Microsoft login page, their account would be compromised.

Microsoft Planner Phishing Scam

Similar to the “Summer Bonus” scam, this Microsoft Planner Phishing Scam uses an email that tries to spoof a Microsoft Planner notification. As in the “Summer Bonus” scam, it has a button but this one says “Open in Microsoft Planner” and will take you to a fake Microsoft login page. An example of this email is shown below.

As with the previous scam, if the victim enters their login credentials into the fake Microsoft login page, their account would be compromised.

To avoid these scams, make sure the site you land on after clicking the button is really a Microsoft domain. If the site is a login for Microsoft then the URL should direct your browser to a legitimate Microsoft domain.

Even before clicking any buttons, look at the From address in the headers. The scammer’s display name makes it appear as if it belongs to the targeted company. The headers can show if the From email address itself is spoofed and who is actually sending the email to you. 

Always remember that if it feels “too good to be true”, then it is probably too good to be true. It is also good practice to check with a supervisor before responding to any unsolicited requests for credentials or logins that appear to come from your employer.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

The images and the original article can be found here. Please check it out for more information: 

https://www.area1security.com/blog/july-bonus-microsoft-spear-phishing/?utm_medium=email&utm_source=blast&utm_term=na&utm_content=na&utm_campaign=2020-Q3-Email-Blast-Spot-Campaign&mkt_tok=eyJpIjoiWVdKbE1HVXlOakkzWVRWaiIsInQiOiJFWnFFZVYxYXBuTFpcLytrc1hzNkFodUZ1XC9CbWRPcUROYmhMWlM0NisyZmo3K0cybFFyY0xmMnhYXC9lYUIzMit2UXZGYzFPTURmTSt2Z1cxRDkxOTladFUwVGl5Wmczd2FmZWFvSkRZZm9iN0FVZGh0TGs2b2FlazhaSFU0ZWhzbSJ9

To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19