PhishPoint - Office 365 Phishing Attack Investigation

Email Fraud Investigation
digitpol Investigation unit

PhishPoint

PhishPoint is a Microsoft 365 attack using spear phishing and social engineering methods to steal O365 user accounts data, including login credentials. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening a spoofed an email containing a link to share a sharepoint file. 

PhishPoint is an Office 365 Phishing attack, it takes place when a target, an O365 user gets an email with a link to access a SharePoint document, the type of message Office 365 users receive everyday within their organization, the sharepoint platform is a standard at millions of companies.

The attack happens when an email is sent to a 0365 user, the email is spoofed and the sharepoint hyperlink is a fake. The office 365 user easily gets duped into clicking the URL to access the file, often described as a PDF, but what opens is a spoofed landing page opens where the target is asked to provide their Office 365 login credentials. This is how the hackers / attackers gain access to critical internal email accounts and sharing 0365 systems, by stealing users login credentials. Hackers are targeting large organisations that run on office365 and specific targets are group mailboxes. Digitpol investigated office 365 fraud on a daily basis and can identify if hackers are still active within an organisation and identify how the attack took place.

Phishing attacks, email fraud, scams, online fraud happens in most cases when cyber criminals find ways to hack into the email servers or accounts of small and medium companies, often targeting those with business in Asia countries. Cyber criminals gain access to email accounts and  search through email accounts looking for sensitive information such as outstanding, unpaid invoices or data relating to financial transactions and business between supplier, vendor and clients. When cyber criminals identify a sale or a due invoice, the fraudsters then send various fictitious emails from the hacked email account or an email address replicated to the original purporting to be in charge of the sale or due invoice to be paid, the fraudster is then asking for transfers of funds into a nominated bank account, usually giving an excuse that there is a problem at the bank and an alternative account needs to be used. It is common that the nominated account is in the same name as the company name or with a very slight change such as an extra letter. It is common the bank account to be in the same city as the victim or client.

PhishPoint - Office 365 Hack Investigation

Digitpol's Cyber and Fraud Team are certified examiners and can assist to all cases related to Phishing attacks, email scams and fraud. Digitpol can deploy forensic examiners to investigate the hack, determine how it took place and report the findings, Digitpol ensures that hackers are not active in your network and ensure your user accounts policies and rules are configured correctly to prevent further attacks.

If your company has been targeted by a phishing attack such as Internet Fraud, CEO Fraud or Email Fraud and Scams and funds have been transferred to a bank account, we can help you, but only if you act fast and if you have the proof. If Digitpol is notified in time, Digitpol will assist to stop the funds from been transferred further and assist with all matters such as reporting the crime to the local Police in the region the funds have been transferred to.

Are you effected by a Office 365 Phishing Attack? 

If an office 365 phishing attack happens to you, you need to respond rapidly as hackers may still have control of user accounts. Phishing attacks and email fraud can lead to major disruption and financial disasters.

If you encounter or believe that you have been the victim of online or internet fraud (i.e. phishing, fraudulent text messages etc.), please send an email to info@digitpol.com Be sure to attach any supporting documentation such as copies of suspicious emails, text messages and questionable links/URLs.

Digitpol is available 24/7.

Phone: +31558448040 / +85239733884