Do you use SharePoint in your organization? SharePoint is a Microsoft system that allows organizations to collaborate and share documents and information. Initially released in 2001, it has increased in popularity steadily since then, with a big jump in usage during 2020, when COVID-19 sent millions of workers home to work remotely. That makes Phishing attacks targeting SharePoint users more fruitful. A SharePoint Phishing attack was recently discovered by Cofense.com, a Phishing detection and response company, which not only revealed the attack itself but also found that the attack bypassed Microsoft’s own secure email gateway.
What The SharePoint Phishing Attack Does
Phishing is a cyber attack that disguises itself as a legitimate email, message or request, with the typical goal of stealing legitimate login credentials to valuable resources, such as bank accounts, network servers, email accounts, databases and more. Usually, Phishing messages are sent by email, but it has cousins, Vishing and Smishing, which are messages delivered by voicemail and by SMS, respectively.
This may be the first case of Phishing via SharePoint messages, which are tightly integrated into Microsoft’s Office 365 ecosystem. In this attack, a message is sent that says the user’s digital signature is urgently required. The message is patterned to look like a legitimate SharePoint message. The user then clicks the link, and is brought to a login screen that is labelled with the SharePoint logo and text (in red) that says “Because you’re accessing sensitive info, you need to verify your password.”
As soon as the user types the legitimate login credentials for the organization’s real SharePoint site into this fake login screen, those credentials are sent to the cyber criminals, who can then log into the real SharePoint site and cause damage.
Phishing As An Epidemic
Phishing is becoming increasingly common. In a recent article, we wrote about how “The FBI reports that phishing and related scams (Phishing / Vishing / Smishing / Pharming), have more than doubled in frequency in 2020, rising from 114,702 complaints in 2019 to 241,342.” But Phishing is not only used to steal information, resources and credentials but also to spread Ransomware.
That makes guarding against Phishing and its cousins a more important task than ever.
Clues You Are Being Phished
The SharePoint Phishing attack was similar to other Phishing attacks in many ways.
- The text in the Phishing message contained grammar and spelling errors. It implored users to “response urgently”.
- As is apparent in the quote above, it also used urgency, a common tactic in Phishing messages.
- The link to the Phishing login screen was not hosted at a URL that belonged to the organization it claimed to be a part of, in this case Microsoft. Instead, the login page was hosted at SipesLake.xyz.
SharePoint Phishing - How To Protect Your Company Now
Cyber Awareness training is an important defense against Phishing and other Social Engineering attacks. Until you can get your staff trained, share the following information with them:
- Hover over links in all messages (Email, SharePoint, etc.) and examine the Link’s URL before you click. It usually shows in a tooltip near the mouse cursor, or at the bottom left of a browser window. If it doesn’t look like what the text says it is, don’t click it.
- Personalization -- the inclusion of your name in an email -- is common in authentic emails and less common in Phishing messages. Be suspicious if your specific cooperation is requested but your name isn’t mentioned.
- Be suspicious of any message that uses urgency, even from well-trusted colleagues.
- Beware of bad grammar and spelling errors.
- If the request doesn’t sound right, it probably isn’t. For example, if you are asked to digitally sign a document but that is not generally your role, be suspicious.
- When in doubt, confirm with a phone call or text message.
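The clues listed above (a link whose visible text does not match where it really points, a login page hosted on a domain that is not Microsoft’s, and urgent wording) can also be checked automatically before a message reaches an inbox. The following is an added example, not code from the original article or from Cofense; it runs over a constructed sample message, and the trusted-domain list and the flagged phishing host are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains a genuine SharePoint / Office 365 notification link should point at.
# Assumption for this example; tune to your own tenant.
TRUSTED_SUFFIXES = ("sharepoint.com", "microsoft.com", "office.com", "microsoftonline.com")
URGENCY_CUES = ("urgent", "immediately", "verify your password")
HOST_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def analyze_message(html):
    """Return a list of findings for one email body; an empty list means nothing was flagged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not is_trusted(host):
            findings.append(f"link to untrusted host {host!r}")
        # Visible text that looks like a trusted URL but actually points somewhere else
        if HOST_LIKE.match(text):
            shown = host_of(text if "://" in text else "https://" + text)
            if is_trusted(shown) and shown != host:
                findings.append(f"link text shows {shown!r} but points to {host!r}")
    body = re.sub(r"<[^>]+>", " ", html).lower()
    cues = [c for c in URGENCY_CUES if c in body]
    if cues:
        findings.append(f"urgency cue {cues[0]!r}")
    return findings


# Constructed sample modelled on the lure described above (hostnames are invented).
PHISH_EMAIL = """<p>Your digital signature is urgently required. Please response urgently.</p>
<p><a href="https://sharepoint-login.example/verify">https://contoso.sharepoint.com/sites/hr/Contract.pdf</a></p>"""
CLEAN_EMAIL = '<p>Here is the file.</p><a href="https://contoso.sharepoint.com/sites/hr/x.pdf">Contract.pdf</a>'

if __name__ == "__main__":
    for name, msg in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyze_message(msg))
```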
That all said, there is no replacement for securing your company’s IT infrastructure with state of the art tools and practices that do the following:
- Formal Cyber Awareness training conducted for all employees at all levels upon hiring, and repeated at regular intervals, such as quarterly or semi-annually.
- Link Sandboxing opens links in a safe, isolated environment before the user is exposed to the web page, file or resource.
- Web Filtering blocks visits to known malicious websites and slows access to unknown or suspicious sites.
- Out of date software is a leading cause of hacks and breaches. Patch Management means keeping your software up to date, an important part of any security strategy. Another recent SharePoint attack infected networks with Ransomware through unpatched SharePoint servers.
Digital Uppercut Can Help
As the recent hack of the Colonial Pipeline shows, cyber criminals are getting more creative and causing more damage than ever. Your business is not flying under the radar and is likely to be the target of a cyber attack sooner rather than later. Digital Uppercut is your cybersecurity bodyguard. Our Business Protection Toolkit has what you need to help protect your organization and staff from SharePoint Phishing, email Phishing, Ransomware, Malware and other types of attacks and breaches. Contact us online or call us at 818-913-1335 and let’s work together to protect your company.