Microsoft Phishing Campaigns Continue

The NJCCIC continues to receive reports of phishing attempts to steal credentials for Microsoft OneDrive and SharePoint services. Both phishing campaigns employ emails containing URLs that direct unsuspecting users to fraudulent websites that appears to look like the legitimate Microsoft login webpage. When the user logs in, their credentials may be sent to an external site controlled by the threat actor, saved in a text file for later retrieval by the threat actor, or emailed to an email address controlled by the threat actor. Then the user is frequently redirected to the legitimate Microsoft login webpage, which displays that their login failed to process and will need to log in again. Alternatively, a PDF or other document may be opened and displayed to the user in order to avoid arousing suspicions. Threat actors target file-sharing sites since they are commonly used for business purposes and may provide access to sensitive information. The NJCCIC highly recommends users avoid clicking on links contained in unsolicited or otherwise suspicious emails. If the user is uncertain of the email’s legitimacy, contact the sender via an alternate method. If you have fallen victim to this ruse, we recommend that you change passwords for all accounts that use the same login credentials and enable multi factor authentication going forward.