Emails claiming that a vendor, client, or auditor has shared a confidential file via SharePoint or OneDrive send victims to credential-harvesting pages. Because real businesses use these links daily, the lure blends into normal workflow.
Who is affected
Professional services firms, healthcare billing teams, and finance departments that regularly receive document-sharing links from external partners.
Why it matters
These attacks exploit trust in legitimate cloud platforms. Staff who handle invoices and contracts all day are prime targets for a link that looks routine.
Recommended actions
- Hover over links and confirm the domain is a genuine Microsoft service before signing in.
- Use Conditional Access to block legacy authentication and unexpected sign-in locations.
- Ask senders to confirm document shares through a second channel when the request is unexpected or urgent.
- Enable Safe Links and anti-phishing policies in Microsoft Defender for Office 365.
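The domain check in the first action can be automated for mail triage. The sketch below is an added example, not ITNS or Microsoft code; the allow-list of suffixes and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example; adjust to the Microsoft services in use.
MICROSOFT_SUFFIXES = ("sharepoint.com", "onedrive.live.com", "1drv.ms",
                      "login.microsoftonline.com")

def check_link(url):
    """Return (ok, reason) for a link presented as a Microsoft document share."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://trusted-name@other-host/" shows a trusted name but connects elsewhere.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    # Internationalized names can render like Latin letters; send to manual review.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host"
    for suffix in MICROSOFT_SUFFIXES:
        # Match on a label boundary so "contososharepoint.com" does not pass.
        if host == suffix or host.endswith("." + suffix):
            return True, "matches " + suffix
    return False, "host not on allow-list"

# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "https://contoso.sharepoint.com/:b:/s/finance/abc",
    "https://sharepoint.com.files.example.net/login",
    "https://login.microsoftonline.com@files.example.net/",
    "https://contososharepoint.com/shared",
    "http://contoso.sharepoint.com/doc",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK     " if ok else "REVIEW ", reason, "-", link)
```

A passing result confirms only that the host name belongs to one of the listed services; it says nothing about which tenant owns the page or what the page asks for.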
Official reference
Disclaimer: This advisory is for general awareness only and does not constitute legal or compliance advice. Every environment is different — contact ITNS for guidance specific to your business.