If your organization uses Microsoft Office 365 as its email platform, be on the lookout for a tricky new phishing attack recently used by cyber criminals. Microsoft has issued an alert to its customers warning them of the new attack, which merits mention to your users.

The phishing scheme is designed to use convincing emails, a legitimate-looking SharePoint site, and “a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.”

According to the alert, “The original sender addresses contain variations of the word ‘referral’ and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting.”

The emails reportedly try to get users to believe they are being asked to join a secure SharePoint site by using SharePoint in the display name and posing as a site for bonuses, staff reports or other links that curious users may be duped into opening, which then navigate to the phishing page without the user’s knowledge.
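As an added illustration (not part of Microsoft's alert or of this post), the traits quoted above can be turned into a header triage check for reported or quarantined mail. The sample messages, the `contoso.example` domain, the use of `Return-Path` as the original sender, and the `ref+er+al` pattern standing in for "variations" are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: "variations of the word 'referral'" is approximated by this pattern.
REFERRAL_RE = re.compile(r"ref+er+al", re.IGNORECASE)

def score_message(raw, org_domains):
    """Return the names of the alert's traits that one raw message matches."""
    msg = message_from_string(raw)
    display, header_from = parseaddr(msg.get("From", ""))
    # Assumption: Return-Path carries the original (envelope) sender.
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    env_domain = envelope.rpartition("@")[2].lower()
    from_domain = header_from.rpartition("@")[2].lower()
    hits = []
    if REFERRAL_RE.search(envelope):
        hits.append("referral-sender")
    if env_domain == "com.com" or env_domain.endswith(".com.com"):
        hits.append("com.com-domain")
    if "sharepoint" in display.lower():
        hits.append("sharepoint-display-name")
    # Displayed sender claims the target's own domain, but the envelope is external.
    if from_domain in org_domains and env_domain and env_domain not in org_domains:
        hits.append("internal-from-external-envelope")
    return hits

# Constructed sample messages (not taken from the alert).
PHISH = """\
Return-Path: <referral-svc@com.com>
From: "SharePoint Online" <alice@contoso.example>
To: alice@contoso.example
Subject: Staff Reports shared with you

Open the shared file.
"""
BENIGN = """\
Return-Path: <bob@contoso.example>
From: "Bob Smith" <bob@contoso.example>
To: alice@contoso.example
Subject: Lunch on Friday

See you at noon.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, score_message(raw, {"contoso.example"}))
```

A single hit, such as SharePoint in the display name, also occurs in legitimate mail, so treat the combination of traits as the signal worth escalating.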

Microsoft continues to urge O365 users to implement multi-factor authentication on all accounts. User education continues to be an important tool to combat successful phishing campaigns, and keeping users informed of the newest scams gives them the ability to protect company data.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.