Real-World Phishing Email Experience

Date of Occurrence: 8/27/2024
Sender: known contact from a large customer
Result: notified customer IT to be resolved on their end; issued warning to coworkers

I received an email this morning from a known contact with a large customer. The body of the email was a direct link from within the customer’s SharePoint. This was slightly unusual, but not alarming. I made sure the link was legitimately linking to Microsoft’s SharePoint and then proceeded to follow the link.

[Screenshot: 2024-08-27_12-21]

Upon visiting the customer’s SharePoint, the only file available was a document that had an additional link to “view document”. I knew immediately not to continue. The document was sparse and formatted in an unprofessional manner. There were some obvious grammatical errors, and the company logo looked like it had been copied and enlarged from the customer’s email signature line, as it was quite blurry. The nail in the coffin was where that “view document” was linking to. It did not link to any recognizable domain. RED FLAG!

Image not available

It looked like the hacker had actual access to this customer’s SharePoint account. I emailed the customer asking if they meant to send me something and the hacker actually responded back with the below.

[Screenshot: 2024-08-27_12-33]

Upon receiving this response, which I knew did not come from the customer, I went through our usual channels to notify the customer’s IT desk of this breach. I also notified our personnel of the issue so no one else would become a victim of the perpetrator.

*I was unable to get a screenshot of the actual document with the malicious link. All other images were gathered after the incident was resolved in order to document here.


