Catches of the month: Phishing scams for August 2021

Welcome to August’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds.

This month, we delve into the latest phishing campaign targeting Microsoft SharePoint users, and take a look at a report that asks why almost three quarters of organisations have fallen victim to phishing scams in the past year.

Microsoft issues alert about “crafty” phishing scams

Security researchers at Microsoft are again warning users about phishing scams imitating SharePoint.

The messages appear to come from Microsoft SharePoint and contain a “file share” request to access “Staff Reports”, “Bonuses”, “Pricebooks” and other content that’s purportedly hosted in an Excel spreadsheet.

The Microsoft Office collaboration platform has become essential for many organisations during the pandemic, as it allows employees to collaborate on projects while working remotely.

Unfortunately, cyber criminals have been exploiting this by ramping up the number of bogus emails that appear to be from SharePoint.

A few months ago, we reported on a phishing scam that purportedly asked recipients to provide a signature on a SharePoint document. Those who followed the link were sent to a mock-up of the SharePoint login screen and were asked to provide their credentials.

In that instance, the scam was comparatively easy to spot. The messages were poorly written, the recipient wasn’t addressed by name and the URL of the redirected site didn’t contain the word ‘SharePoint’.

However, the latest scam is much harder to spot, prompting Microsoft’s Security Intelligence team to issue an alert.

“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” Microsoft said.

The campaign’s messages can be identified by their repeated references to email “referrals” and by the fact that they appear to contain a document shared by a colleague.

Users may have a hard time spotting the scam, though, because SharePoint does send legitimate emails like this. The example above, for instance, contains a graphic with a file name and a link to open it – just as would happen if someone genuinely shared something with you.

To identify its true nature, you must therefore look at the sender’s email address. Whereas a genuine message would come from the email address of the person who shared the file (presumably a colleague), the phishing emails come from an illegitimate address.

“The emails contain two URLs that have malformed HTTP headers. The primary phishing URL is a Google storage resource that points to an AppSpot domain that requires the user to sign in before finally serving another Google User Content domain with an Office 365 phishing page,” Microsoft notes.
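As an added defender-side example (not from this article or from Microsoft), the check below parses a message’s From header and flags the two patterns described above: a display name that embeds an email address whose domain differs from the real sender’s, and a display name that mimics a file-sharing service while the real sender domain is not on a trusted list. The sample messages, the `.test` domains and the `trusted_domains` allowlist are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Constructed sample messages (not taken from the article). The first two mimic the
# patterns Microsoft describes; the third is an ordinary message from a colleague.
SPOOFED_DISPLAY_ADDRESS = """From: "alice@example.com" <noreply@filesharing-notifications.test>
To: alice@example.com
Subject: Staff Reports shared with you

"""

SPOOFED_SERVICE_NAME = """From: SharePoint Online <share@docs-notify.test>
To: alice@example.com
Subject: Bonuses.xlsx has been shared with you

"""

LEGITIMATE = """From: Bob Jones <bob.jones@example.com>
To: alice@example.com
Subject: Shared: Q3 Pricebook

"""

# Matches an email address embedded anywhere in a display name.
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def sender_domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_from_header(raw: str,
                      service_keywords=("sharepoint", "onedrive"),
                      trusted_domains=("example.com",)) -> List[str]:
    """Return human-readable findings for the From header of one raw message.

    trusted_domains is a placeholder allowlist assumed for this example; a real
    deployment would populate it with the organisation's own sending domains.
    """
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    real_dom = sender_domain(addr)
    findings = []
    # Pattern 1: display name contains an address, but its domain is not the real sender's.
    for embedded in ADDR_RE.findall(display):
        if sender_domain(embedded) != real_dom:
            findings.append(f"display name embeds {embedded} but sender is {addr}")
    # Pattern 2: display name impersonates a sharing service from an untrusted domain.
    if any(k in display.lower() for k in service_keywords) and real_dom not in trusted_domains:
        findings.append(f"display name mimics a service but sender domain is {real_dom}")
    return findings
```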

Test your employees’ ability to detect a scam with our simulated phishing attack

Our Simulated Phishing Attack service sends your employees a mock phishing email without the malicious payload.

This gives you the opportunity to monitor how your employees respond. Do they click a link? Do they recognise that it’s a scam and delete it? Do they contact a senior colleague to warn them?

73% of organisations fell victim to phishing in the past year

If you needed a reminder that phishing can affect anyone, an Egress report has found that 73% of organisations were successfully targeted by scams in the past year.

The study, which polled 500 IT leaders and 3,000 employees in the US and the UK, found that remote working contributed to the problem, as businesses struggled to maintain visibility over the security habits of home workers.

Meanwhile, 53% of IT staff said that phishing scams have contributed to an increase in cyber security incidents during the pandemic.

Egress’s vice president of threat intelligence, Jack Chapman, said organisations have been “bombarded” by phishing attacks in the past year.

“With many organizations planning for a remote or hybrid future, phishing is a risk that must remain central to any security team’s plans for securing their workforce,” he said.

According to the study, employees’ poor security habits are directly responsible for the increase in attacks.

It found that 43% of workers weren’t following security protocols and 36% were rushing and making mistakes.

Can you spot a scam?

Make sure your staff know how to identify and avoid scams with our Phishing Staff Awareness Training Programme.

This 45-minute course uses examples like the ones above to explain how phishing works, what to look out for and the steps you should take to avoid falling victim.