You might want to be a little more careful about potential phishing scams regarding Microsoft Office 365.
Microsoft’s Security Intelligence team has issued a warning via Twitter to be on the lookout for an active phishing campaign targeting Microsoft Office 365 users.
As usual, phishing is when an attacker emails or texts people pretending to be a legitimate company to trick them into giving up their personal information. A common phishing attack is an email that looks like it came from your bank. When users click on the log in button via the email, it takes them to a website posing as the bank’s website, and it steals your username and password when you log in.
Microsoft has stated that that the campaign uses a SharePoint file share request for documents such as “Staff Reports,” “Bonuses,” “Pricebooks,” and more. These contain a URL to a malicious web page that asks people to sign in with their Office 365 credentials. The team says that Microsoft Defender for Office 365 detects and blocks these emails.
Please be alert and stay tuned for additional details as they become available.
Via The Mac Observer and @MsftSecIntel