Original Phishing Message

Tips for Detection

• Though this email comes from a legitimate Microsoft SharePoint service, beware of cloud file sharing links that you are not expecting.
• Notice the discrepancy between the text in the body of the message claiming that “Isiaah Crawford has shared a file” versus the actual sender being “Chris Masters”.
• The generically named file “Doc” should be suspicious.
• The link opens a OneDrive Word file that solely contains instructions to click another link leading elsewhere. Generally, this is a strong indicator that the message is phishing. In this case, the second link led to a form asking you to provide your email address and password. Never enter your username/password on sites you do not recognize or in online forms.

Text of Phishing Meesage

Subject: Masters, Chris shared “Doc” with you.

Masters, Chris shared a file with you

FWD: Isiaah Crawford has shared a file with you using one drive.

Doc [link removed]