As we return to the office, cyber threat actors are changing their tactics as they did during the work from home transition. Here at TTI, we’ve seen a number of these sophisticated attacks that attempt to redirect victims to a site to enter their credentials. But the site is NOT our Microsoft login site.
The latest scam includes pelting recipients with emails purportedly from their CIOs or other highly placed executive welcoming employees back into offices. Threat Post indicates that the fake CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. However, if a victim decides to interact (click) on either document a login panel appears and prompts the recipient to provide login credentials to access the files.
What can I do to stay safe?
Whenever you enter credentials in a browser window, be sure that the address of the site is login.microsoftonline.com/… AND that there is a lock icon next to the address, like this:
