Geeks for your information

Hunting for Office 365 accounts - harlan4096 - 01 February 19

Quote: Since at least last summer, unknown cybercriminals have been sending e-mails to Office 365 users, hoping to swindle credentials out of them. According to the researchers who first uncovered this attack, up to 10% of all users of the service could have received such a message.

PhishPoint campaign


The scam e-mails look like standard invitations to collaborate in SharePoint. The recipient is prompted to open a document stored in OneDrive for Business. The trick is that the link in the e-mail really does point to a document in OneDrive for Business, but this document is disguised as an access request. The “Access Document” link at the bottom of the page redirects the victim to a third-party site masked as the Microsoft Office 365 login page.

Corporate workspaces are seen as more trustworthy than other resources, and users may be under the impression that outsiders cannot readily gain access to SharePoint services, so they boldly follow the link to the scam website. If the victim enters work credentials on this site, they will become available to the owners of the file.
Full reading: https://www.kaspersky.com/blog/sharepoint-phishing-attack/25515/
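
A defensive check for the pattern described above, added here as an illustration and not taken from the original post or the linked article: given the links extracted from a shared document, flag any that read like a sign-in prompt or imitate a Microsoft login host while actually pointing elsewhere. The allow-list of login hosts, the lure phrases and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: hosts where this organisation expects Office 365 sign-in to occur.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Assumption: link texts that suggest the link leads to a credential prompt.
LURE_PHRASES = ("access document", "sign in", "log in", "login")


def link_host(url):
    """Return the host a browser would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and the port, so lookalike
    # userinfo such as "login.microsoftonline.com@other.example" is ignored.
    return parts.hostname.rstrip(".").lower()


def classify_link(text, url):
    """Classify one (link text, target URL) pair from a shared document."""
    host = link_host(url)
    if host is None:
        return "unparseable"
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted-login"
    lure = any(p in text.lower() for p in LURE_PHRASES)
    # A trusted host name appearing anywhere in a URL whose real host is
    # not trusted (subdomain prefix, userinfo, path) is treated as mimicry.
    mimics = any(t in url.lower() for t in TRUSTED_LOGIN_HOSTS)
    return "suspicious" if lure or mimics else "other"


def review_document(links):
    """Return the (text, url) pairs that need analyst attention."""
    return [(t, u) for t, u in links if classify_link(t, u) == "suspicious"]


# Constructed sample: links as they might be extracted from a shared file.
SAMPLE_LINKS = [
    ("Access Document", "https://sharepoint-docs.example/o365/login"),
    ("Sign in", "https://login.microsoftonline.com/common/oauth2/authorize"),
    ("Open", "https://login.microsoftonline.com.files.example/auth"),
    ("Quarterly report", "https://intranet.example/report.pdf"),
]

if __name__ == "__main__":
    for text, url in review_document(SAMPLE_LINKS):
        print(f"review: {text!r} -> {link_host(url)}")
```

Exact-match comparison of the parsed host is what makes the check resistant to lookalike subdomains; substring matching is used only to raise suspicion, never to grant trust.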