New Wave of SharePoint Phishing Emails

SharePoint phishing emails aren’t new; we’ve seen reports of similar campaigns throughout 2025. However, a recent wave in January was large enough for the NCSC in Switzerland to take notice. Unfortunately, like many other recent phishing campaigns, this wave seems to be more sophisticated. Let’s cover how the phishing campaign works and the tell-tale signs that will help you avoid falling victim to it.

How The Phishing Campaign Works

Firstly, you’ll receive the email; it’ll appear as a SharePoint document being shared with you, a kind of email you’re probably very used to seeing in the workplace. It’ll also appear to be from someone you know, like a colleague or director, as the attacker can very easily find company names and email addresses on the web. It’s fair to assume that a lot of phishing attacks are successful because we automatically trust an email that looks almost the same as our colleagues’, especially if it’s 4:00 pm on a Friday…

The sophistication comes from the link, as it will actually take you to a SharePoint log-in. You might be wondering, then, where do they steal my details? It’s actually in the document that the phishing email is “sharing” with you in the first place. This will likely be a PDF, and inside it will be another link that asks you to “verify” yourself by entering your credentials and approving a 2FA request.

This way, attackers can steal your login credentials, bypass your 2FA and access your account all in one go. For the sake of brevity, we’ve simplified how the attack actually works. If you’d like a more in-depth breakdown, we’d recommend the NCSC article mentioned at the start of the blog!
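
For anyone who triages reported “shared documents”, here is an added example (ours for illustration, not code from the NCSC article) of checking the links inside such a PDF: it pulls out the link targets and flags any that do not point at exactly a trusted Microsoft sign-in host. The trusted-host list, the keyword list and the sample PDF bytes are assumptions constructed for this example, and the simple pattern only sees links stored uncompressed in the file.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host where this organisation expects Microsoft sign-in prompts.
TRUSTED_SIGNIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: words that suggest a link leads to a credential or 2FA prompt.
LURE_WORDS = ("verify", "login", "signin", "sign-in", "auth", "2fa", "mfa")

# Matches link actions stored as plain text, e.g. /URI (https://...).
# Links inside compressed object streams need a real PDF parser instead.
URI_ACTION = re.compile(rb"/URI\s*\(([^)]*)\)")

# Constructed sample: a PDF fragment with a lookalike link, a genuine
# sign-in link and an unrelated external link.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://login.microsoftonline.com.example.net/verify) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://login.microsoftonline.com/common/oauth2/v2.0/authorize) >> >> endobj\n"
    b"3 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://www.example.org/brochure.pdf) >> >> endobj\n"
)

def extract_pdf_links(pdf_bytes):
    """Return every link target found in uncompressed /URI actions."""
    return [raw.decode("latin-1").strip() for raw in URI_ACTION.findall(pdf_bytes)]

def review_shared_pdf(pdf_bytes):
    """Return (url, reason) for each link that deserves a second look."""
    findings = []
    for url in extract_pdf_links(pdf_bytes):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Exact host match only: login.microsoftonline.com.example.net does not pass.
        if parts.scheme == "https" and host in TRUSTED_SIGNIN_HOSTS:
            continue
        if any(word in url.lower() for word in LURE_WORDS):
            findings.append((url, "sign-in prompt on untrusted host"))
        else:
            findings.append((url, "external link, check before opening"))
    return findings

if __name__ == "__main__":
    for url, reason in review_shared_pdf(SAMPLE_PDF):
        print(f"{reason}: {url}")
```

The lookalike host is flagged even though it begins with the genuine sign-in name, which is why the check compares the whole host rather than looking for a familiar name somewhere in the link.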

How Can We Spot It?

Sounds quite unfair, doesn’t it? How exactly do you tell a legitimate email from a phishing one when, thanks to AI, they look almost identical? The NCSC summarised that the best things you can do are:

  • “Be wary of unsolicited or unusual emails, even if they look like they’re from a legitimate source.
  • If an email seems to come from someone you know but doesn’t feel quite right, verify it with them using a different communication method.
  • If you manage staff, ensure they’re regularly informed and trained on new phishing scams and the latest scam techniques.”

Overall, it’s getting harder and harder to spot phishing emails now that attackers are using AI to improve them. Years ago, you could probably spot a phishing scam by its spelling and grammar mistakes; not anymore. Exercise caution, especially with unexpected emails.

We hope you’ve liked this blog and stick around to see our future releases. We cover everything from recent IT News to knowledge base articles. Stay safe!
