Microsoft Online Document Phishing Campaign

The NJCCIC has detected a phishing campaign designed to steal users’ email account credentials through the use of a fraudulent shared document. Recent emails related to this campaign contain subject lines such as “Invoice due,” “New message alert,” or “New AUG PO (StatementsReport#)” and attempt to entice recipients into clicking on the embedded link by suggesting there is a file to download. If a user clicks on the URL link provided in the body of the email, they will be directed to websites that spoof Microsoft’s authentication page. The spoofed sites are designed to steal users’ credentials before eventually redirecting the users to Microsoft’s correct online authentication page.

The NJCCIC recommends never using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action.