Fraudsters Exploit SharePoint for Phishing Attacks
Tibor Csavdári
2025.09.18

Phishing attempts using Microsoft SharePoint have surged recently. These emails often appear to come from trusted colleagues or partners, making them especially dangerous.
How the Scam Works
Attackers send a real-looking SharePoint sharing link. After entering login credentials and MFA, victims may be asked again to authenticate or click further links. These lead to fake sites that steal data.
Why It’s Risky
- Legitimate links: Hackers exploit real SharePoint accounts, so the shares look authentic.
- Compromised accounts: Messages often come from hacked colleagues or partners.
- Internal spread: Attacks can circulate inside a company, making detection harder.
Warning Signs & Precautions
- Verify unexpected sharing links with the sender directly.
- Stop immediately if asked to log in repeatedly or if new links require authentication.
- Check URLs carefully—phishing domains often imitate Microsoft’s.
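The URL check above can be automated when triaging a reported message. The following is an added example, not part of the original article: it compares the host of each link against Microsoft's real sign-in and SharePoint hosts and flags hosts that only imitate them. The allowlist, the brand tokens and the sample links are assumptions constructed for illustration; a genuine SharePoint host does not make a share trustworthy, since the shares described here come from real accounts.

```python
from urllib.parse import urlsplit

# Assumption: a short illustrative allowlist, not a complete inventory of
# Microsoft sign-in hosts. Maintain the real list for your own tenant.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
SHAREPOINT_SUFFIX = ".sharepoint.com"
BRAND_TOKENS = ("microsoft", "sharepoint", "office365", "onedrive")


def classify_link(url):
    """Classify a link as 'sign-in', 'sharepoint', 'suspicious' or 'other'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return "suspicious"
    if parts.scheme == "https":
        if host in SIGN_IN_HOSTS:
            return "sign-in"
        if host.endswith(SHAREPOINT_SUFFIX):
            return "sharepoint"
    # Compare against the whole authority so a brand name placed in the
    # userinfo part ("brand@realhost") is caught as well.
    authority = parts.netloc.lower()
    punycode = any(label.startswith("xn--") for label in host.split("."))
    if punycode or any(token in authority for token in BRAND_TOKENS):
        return "suspicious"
    return "other"


def first_suspicious(chain):
    """Return the first link in a click chain that imitates Microsoft, if any."""
    return next((u for u in chain if classify_link(u) == "suspicious"), None)


# Constructed sample: the chain the article describes, a genuine share
# followed by a link to an imitation sign-in page (.example is reserved).
SAMPLE_CHAIN = [
    "https://contoso.sharepoint.com/:f:/s/Finance/abc123",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.account-verify.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_CHAIN:
        print(f"{classify_link(link):10} {link}")
```
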
What To Do if You Click
- Do not re-enter your credentials. Report immediately to IT.
- Request a password reset, and re-register MFA.
- If the message came from a colleague, inform IT so they can secure the compromised account.
Protect Yourself
- Use strong, unique passwords.
- Update MFA regularly.
- Keep browsers and devices patched.
- When in doubt, confirm with the sender before opening links.
Minimizing Risks
One hacked account can compromise entire systems. Quick reporting and caution are key to minimizing damage.
If you come across suspicious emails or links, notify IT operations or the SOC team immediately.
