Phishing Example: shared "ADMINISTRATIVE SERVICE REPORT FOR ALL STAFF 2024" with you 9/25/2024

Phishing Example shared "ADMINISTRATIVE SERVICE REPORT FOR ALL STAFF 2024" with you

This example appears legitimate at first glance because an account had been compromised and a legitimate file sharing service (SharePoint) is being leveraged to add a veneer of officiality. 
 

An example phishing attempt from a sharepoint share email.

 

The sender is from the SharePoint notification service and is legitimate. It appears a user's account was compromised and used to spread a link to a word document hosted on SharePoint. They attempt to get one to click the link out of curiosity by stating the President shared a service report for all staff. This is false and an attempt to harvest personal information. 

Please be mindful of email sharing documents that you were not expecting, such as OneDrive, SharePoint, and Dropbox. If you receive mail like this, you may report it directly to our Information Security Office.