Let’s consider a real-world phishing example:
How did it start?
In April 2021, a new phishing attack hit remote workers, who tend to rely a lot on cloud-based programs like Microsoft SharePoint.
Here is how it worked: an unsuspecting worker received an ordinary-looking e-mail. However, this e-mail was persuasive, and used an immediate, urgent tone favored by phishing scammers. This e-mail requested something that seemed innocent – a signature on a document stored safely on the widely trusted platform, Microsoft SharePoint.
What was the scam?
On the surface, it seemed harmless. The e-mail was created to look like the real thing, complete with the SharePoint logo and branding, which was familiar to many office workers. However, clicking on the link didn't lead to SharePoint, as expected. Instead, it took the user to a phishing site, designed to steal the user’s credentials.
Why was it successful?
With the sudden shift to remote work in the Covid pandemic, cybercriminals recognized a golden opportunity and created scams such as this one, focusing on exploiting these software platforms.
So, to stay one step ahead of these threat actors, follow the advice in this unit. Be careful of e-mails that seem to come from well-known companies like Microsoft – these e-mails can easily be faked.