Beware of SharePoint Phishing Attacks

We’ve seen a rise in sneaky phishing emails that look like someone is sharing a document with you through Microsoft SharePoint, Google Drive, OneDrive, Dropbox, or even from familiar contacts. These emails might seem legitimate, even appearing to come from vendors, other businesses, or your own colleagues.

Here’s how these scams often work:

You get an email that looks like a shared document.

Email screenshots showing a shared file is available.

You click the link and are asked to enter a verification code. These Microsoft codes will come from no-reply@notify.microsoft.com with subjects like:

[EXTERNAL] 10861566 is your Microsoft SharePoint verification code.

Email showing a microsoft sharepoint verification code

You enter the code you received in the email on a webpage.

Microsoft Verification Code screenshot

You see a document, which usually contains another link like “Review Document.”

Documents include links to fake portals Documents include links to fake portals

This final link takes you to a fake AU or Microsoft login page. If you try to log in here, the scammers steal your Augusta University username and password.

A fake copied version of the official login page

If you think you might have entered your information on a fake login page:

  • Don’t approve any unexpected DUO requests.
  • Immediately reset your password through the password portal or contact the Help Desk at (706) 721-4000 to have it reset.
  • Forward the suspicious email to 72cyber@augusta.edu with details about what happened and any information you entered.

Stay Safe Online: Quick Tips

  • Be suspicious of unexpected emails, even if they look like they’re from someone you know. If possible, double-check with the sender through a different method (like a phone call) to make sure they actually sent it.
  • Hover your mouse over links in emails before clicking. Does the link address look like it’s going to a real Augusta University or the service mentioned (like Microsoft or Google)?
  • Be wary if you’re asked to click multiple links or take extra steps just to view a document. This is often a sign of a phishing attempt.
  • If you have any doubts about an email, forward it to 72cyber@augusta.edu and tell us why you’re concerned. You can also report it to the Help Desk at (706) 721-4000.

Your vigilance is a vital part of keeping our AU community and data secure. Thanks for staying alert!

Like
Like Love Haha Wow Sad Angry
1
Avatar photo
Written by
Rodney Arthur

Director Cybersecurity Operations

View all articles