New Office 365 phishing attack uses malicious links in SharePoint documents


Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn.

The cloud security company says that the phishing attack was leveraged against some 10% of its Office 365 customers in the past two weeks and they believe the same percentage applies to Office 365 globally.

About the PhishPoint attack

“The victim receives an email containing a link to a SharePoint document. The body of the message is identical to a standard SharePoint invitation to collaborate,” the researchers explained.