In a recent phishing scam, the bad guys combined several of their favorite tricks into one email designed to fool both you and your email filters.

The phishing email is designed to look like a real Microsoft OneDrive notification, complete with official logos and icons. If you check the sender's address, you'll see an email address that closely resembles a real Microsoft domain but is not one. The body of the email references your actual Microsoft username and directs you to click on a button to open a shared Microsoft Excel file.

To bypass your email filters, the scammers don't link directly to their malicious webpage. Instead, the email links to appspot.com, the domain on which Google's App Engine cloud platform hosts applications. Because that domain has a good reputation, filters that judge a link by its domain let it through. If you click on the "Open" button in the email, the AppSpot page immediately redirects you to a credential-harvesting page hosted on Microsoft SharePoint. On this page, you will be asked to enter your Microsoft credentials to access the supposedly shared file. Anything typed on this page is delivered directly to the bad guys.
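The two tells described above, a sender that only looks like Microsoft and an "Open" button that lands on a hosting platform instead of a Microsoft domain, are both checkable from the raw message. The script below is an added example written for this post, not a tool from the original article. The Microsoft domain allowlist, the list of hosting platforms, and both sample emails are constructed assumptions for illustration; a real deployment would use the organization's own allowlist and pull messages from the mail gateway.

```python
"""Triage a suspected OneDrive-share phish: lookalike sender plus a trusted-redirector link."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains Microsoft really sends share notifications from (illustrative, not exhaustive).
MICROSOFT_DOMAINS = {"microsoft.com", "microsoftonline.com", "sharepointonline.com", "sharepoint.com", "onedrive.com"}
# Assumed list of hosting platforms commonly abused as a reputable first hop before the phishing page.
HOSTING_PLATFORMS = {"appspot.com", "web.app", "firebaseapp.com", "azurewebsites.net"}
BRAND_WORDS = ("microsoft", "onedrive", "sharepoint")


def host_in(host: str, domains: set) -> bool:
    """True if host is exactly one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _html_body(msg) -> str:
    """Return the first text/html part of the message, decoded to str."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def triage(raw_message: str) -> dict:
    """Apply the two checks and return the evidence plus a suspicious flag."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    findings = []

    # Check 1: the mail claims to be Microsoft (display name or a lookalike domain) but was not sent from a Microsoft domain.
    claims_brand = any(w in display_name.lower() or w in sender_domain for w in BRAND_WORDS)
    if claims_brand and not host_in(sender_domain, MICROSOFT_DOMAINS):
        findings.append(f"sender '{display_name}' <{sender}> is not a Microsoft domain")

    # Check 2: a genuine share notification links to Microsoft; a hosting platform host means a redirect hop.
    parser = _LinkExtractor()
    parser.feed(_html_body(msg))
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if host_in(host, HOSTING_PLATFORMS):
            findings.append(f"'{text}' button points at hosting platform {host}, a likely redirect hop")
        elif not host_in(host, MICROSOFT_DOMAINS):
            findings.append(f"'{text}' link points at non-Microsoft host {host}")

    return {"sender_domain": sender_domain, "links": [h for h, _ in parser.links],
            "findings": findings, "suspicious": bool(findings)}


# Constructed sample modelled on the scam described above (not a real captured message).
PHISH_EMAIL = """\
From: "Microsoft OneDrive" <no-reply@microsoft-onedrive-share.com>
To: alice@example.com
Subject: alice shared "Q3-Budget.xlsx" with you
Content-Type: text/html; charset="utf-8"

<html><body><p>alice@example.com, a file has been shared with you.</p>
<a href="https://fileshare-7f2a.appspot.com/open?u=alice%40example.com">Open</a></body></html>
"""

# Constructed benign counterpart: real Microsoft sender domain, link lands on the tenant's SharePoint.
LEGIT_EMAIL = """\
From: "Contoso OneDrive" <no-reply@sharepointonline.com>
To: alice@example.com
Subject: bob shared "Q3-Budget.xlsx" with you
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://contoso-my.sharepoint.com/personal/bob_contoso_com/Documents/Q3-Budget.xlsx">Open</a></body></html>
"""

if __name__ == "__main__":
    for finding in triage(PHISH_EMAIL)["findings"]:
        print(finding)
```

The benign sample matters as much as the phish: the check flags the hosting-platform hop and the lookalike sender, but stays quiet for a share notification that really comes from a Microsoft domain and links to one, which is what keeps a rule like this from drowning a helpdesk in false positives.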

Remember the following tips to stay safe:

  • Never click on a link or download an attachment from an email that you were not expecting.
  • If you receive an unexpected email from someone you think you know, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email.
  • This type of attack isn't exclusive to Microsoft products or Microsoft users. The same technique could easily be adapted to other file-sharing and cloud services. Always think before you click.