Beware: New Phishing Scam Targets Your Cloud Services

Microsoft is alerting business owners about a new phishing scam that targets popular cloud services like SharePoint and OneDrive.

In this scam, cybercriminals impersonate trusted sources to trick you into sharing your login information. While these platforms are generally secure, scammers have found ways to bypass privacy settings and security measures. They may either steal your login credentials or purchase them from illegal sources. Once they gain access, they upload files that look legitimate, such as a fake Microsoft 365 login page. These files are often set to view-only or restricted to specific individuals—like you and your team.

Opening these files or clicking on links in suspicious emails can lead to serious consequences for your business. Scammers can exploit your information to infiltrate your systems or install malware that disrupts operations and steals sensitive data. Recovering from such attacks can be costly and time-consuming, not to mention the potential harm to your company’s reputation.

It’s crucial for your employees to recognise this threat and exercise caution when dealing with emails—even those that seem legitimate. Always verify the sender’s identity before opening shared files; if anything seems off, reach out directly for confirmation. Implementing multi-factor authentication (MFA) across all devices adds an extra layer of security by requiring a second form of identification—like a code sent to your phone—alongside the password.

Additionally, keep your security software updated so it can effectively counter the latest threats.

We also have a simple but effective solution for dealing with fake Microsoft login pages, if you’d like to know more about this then just let me know, or if you need any other assistance with your security setup.