Hackers are using increasingly sophisticated methods to breach cybersecurity and gain access to our systems.
Te Pūkenga kaimahi are receiving phishing emails from users in the network who have had their accounts compromised.
These emails look like legitimate Microsoft OneDrive and SharePoint invites (see below):
However, a legitimate SharePoint invite takes you to shared files. This new phishing scam requests you to sign in via what appears at first glance to be a Microsoft page (see below).
If you encounter this DON’T SIGN IN! If you enter your details into the fake log-in page they will be stolen along with your multi-factor authentication information, user credentials, authentication tokens and used to access your account.
You can also spot the fake log-in page by checking the website address it is hosted on. The one below didn’t even mention Microsoft web in the address:
How to keep yourself safe from this attack:
• Do not open any unexpectedly shared files or links, even if the email is from someone you know.
• Do not click on a link from a shared file asking you to login or verify your account details or open the scanned attachment.
• If you have opened a shared document and are now being asked to login or click here or enter your company details STOP! contact your IT helpdesk or Service desk.
Our kaimahi are our first line of defense against phishing attacks.
Please ensure you complete the Phriendly Phishing training we provide.