PhishPoint and Sextortion

Standard

I posted about Sextortion, the Latest Email Scam not too long ago.  This morning, during one of the morning commute drive time radio shows, I heard a public service announcement from the FBI.  It talked about the significant increase in complaints SextortionIIcoming in to the Internet Crime Complaint Center (IC3) related to this.  The public service message further talked about many of the points I made in my original post, that this is just a new type of email phishing that the ciminals are using.  It focuses on praying on the fear that the bad guys have compromizing images of you, which they most likely do not.

Here is a link to an FBI Public Service Announcement related to this.

Not to be outdone, there is yet another new scam going around that has been labeled “PhishPoint.”  This is a fairly classic email scam that tries to trick a recipient into giving the bad guys access to an internal Sharepoint site, thus the name.  This particular phishing scam focuses on Office 365 users.PhishPoint

The folks at KnowBe4, put out the following alert related to this threat:

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending you an invite via email to open a SharePoint document. The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked.

Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

Here’s a link to details post KnowBe4 has made available, complete with screenshots, to help you be aware of and defend against this threat.