Microsoft is warning business owners about a new type of phishing scam (where cyber criminals pose as a trusted source to trick you into giving away login info), which uses popular cloud services like SharePoint and OneDrive.
Although these platforms are usually safe, scammers have figured out how to trick privacy settings to get past security checks. The scammers hack your cloud storage by stealing your login details or buying them on the black market.
Once they get inside, they upload a file that is designed to look authentic – like a fake Microsoft 365 login page. They set the file to “view-only” or limit access to specific people, such as you and your team.
Opening these files or following any links inside the emails could cause serious damage to your business. Scammers can use your information to access your systems, or they can install malware (malicious software) that lets them cause disruption and steal information.
Recovering from these kinds of attacks can be expensive and time-consuming – not to mention the damage it could do to your business’s reputation.
Make sure your employees are aware of this new threat and know to be cautious when opening emails, even if they appear to come from a trusted service.
Before opening any shared files, double-check the sender’s identity. If something feels off, contact the sender directly to verify it.
Make sure you use multi-factor authentication (MFA) across all your team’s devices. This adds an extra layer of security by requiring a second piece of information (like a code sent to your phone) along with your password.
Also, keep your security software up to date so that it’s always ready to block the latest types of attack.
Educating your team on phishing tactics is another critical step in protecting your business. Conduct regular training sessions to help employees recognize the warning signs of phishing attempts, such as unexpected file-sharing requests, misspelled email addresses, or unfamiliar URLs.
Provide clear guidelines on how to report suspicious emails or files and ensure that all concerns are addressed promptly.
Implementing strong password policies is equally important. Encourage your employees to use complex, unique passwords for each account and change them regularly.
Password management tools can simplify this process, helping staff securely store and retrieve their credentials without relying on unsafe practices like reusing passwords or writing them down.
Lastly, consider investing in advanced threat protection services that provide real-time monitoring and response. These tools can detect unusual activity, such as unauthorized logins or unfamiliar devices accessing your network, and alert your IT team immediately.
By combining preventive measures with responsive solutions, you can build a comprehensive defense against phishing scams and other cyber threats. Would you like our help protecting your business with added security, training, and monitoring? Get in touch.
