Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn.

The cloud security company says that the phishing attack was leveraged against some 10% of its Office 365 customers in the past two weeks and they believe the same percentage applies to Office 365 globally.

About the PhishPoint attack

“The victim receives an email containing a link to a SharePoint document. The body of the message is identical to a standard SharePoint invitation to collaborate,” the researchers explained.