Beware the next time you receive an email with a SharePoint request to collaborate. A growing number of Office 365 customers are being victimized by a clever phishing scam. Hackers are taking advantage of the fact that Microsoft doesn’t scan attached files hosted on its other services such as SharePoint.
Exploiting standard workflow processes, attackers send an email message that is identical to a standard SharePoint invitation to collaborate.
The message has a link to a SharePoint document that, when clicked, automatically opens the victim’s browser to a SharePoint file that impersonates a standard access request to a OneDrive file. A malicious URL is behind the 'Access Document' link, and that's where hackers collect user information via a fake Office 365 login screen.
While this is a novel approach to a phishing scheme, there are two easy ways to mitigate this threat:
Use multi-factor authentication to secure Office 365 (and other) accounts
Invest in training programs that cover online security