Login Information Being Stolen in New Excel-Themed Credential Phishing Campaign

Scammers are being forced to be creative as more phishing attacks come to light on a daily basis. In this campaign, scammers send emails telling the target, “you won’t be able to open your Excel or any document file due to a system delay.” The message prompts the recipient to click a link labeled “Configure Excel and PDF Settings” to access their files. Clicking the link takes the victim to a SharePoint login form that mimics a shared Excel document. Instead of recovering their files, the victim’s credentials are saved to a server operated by the scammers, who can later use the login information to carry out Business Email Compromise (BEC) scams or total account takeovers.

Analyst Notes

As always, any email from an unknown sender requesting login credentials should be approached with caution. A system admin should be made aware of the email and consulted before any credentials are provided. Although they may not always catch phishing attacks, email filters are always a good idea when considering added layers of security.
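
As an added example (not part of the original write-up), the following sketch shows how a mail filter could check a message for the two lure strings quoted above and pull out the host behind the lure link for triage. The sample message, the `example.invalid` hosts and the names `check_message` and `LinkCollector` are constructed for illustration; real campaigns will vary the wording, so treat this as one layer rather than complete coverage.

```python
import email.policy
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Lure strings quoted in the write-up; matched case- and whitespace-insensitively.
LINK_LABEL = "configure excel and pdf settings"
BODY_PHRASE = "due to a system delay"

def norm(text):
    """Lower-case, straighten curly quotes, collapse whitespace."""
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    return re.sub(r"\s+", " ", text).strip().lower()

class LinkCollector(HTMLParser):
    """Collects visible text and (label, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)  # label may span nested tags such as <b>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((norm("".join(self._label)), self._href))
            self._href = None

def check_message(raw_bytes):
    """Return a triage dict for one RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(part.get_content() if part else "")
    parser.close()  # flush any trailing text
    hosts = [urlsplit(h).hostname for label, h in parser.links if LINK_LABEL in label]
    phrase = BODY_PHRASE in norm(" ".join(parser.text))
    return {"lure_link_hosts": hosts, "lure_phrase": phrase,
            "quarantine": bool(hosts) or phrase}

# Constructed sample message; the host is a reserved placeholder, not an indicator.
SAMPLE = (b"From: sender@example.invalid\r\nSubject: Document access\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b"<p>You won&rsquo;t be able to open your Excel or any document file "
          b"due to a  system delay.</p><a href='https://login.example.invalid/x'>"
          b"Configure <b>Excel</b> and PDF Settings</a>")
```

The returned `lure_link_hosts` list gives an analyst the destination to review or block without anyone having to click the link.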