• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Lydon Solutions

Lydon Solutions

Construction Project Management Software Solutions

  • Construction Viz
  • Services
    • Business Consulting
    • Professional Services
    • Microsoft 365 Managed Services
    • Government Agencies
  • Company
  • Events
  • Blog
  • Careers
  • Contact
  • Search
  • Free Consultation
Show Search
Hide Search
phishing attacks
Jeff Lydon

Jeff Lydon, the president and founder of Lydon Solutions, has over 20 years of experience in construction project management, project controls, and product management across multiple industries, including civil/environmental, manufacturing, healthcare, and utilities.

Beware of Phishing Attacks This Holiday Season

December 7, 2020 How-To

We are all somewhat distracted and more prone to rush to get tasks completed around the holidays as we focus on family and friends and the season. This year with the increase in working remotely and the rapid adoption of Office Online, SharePoint Online, OneDrive, and Teams, attackers are increasingly leveraging these platforms for phishing attacks.

We wanted to highlight a new type of threat occurring more, especially this year, in the hope we can alert you to the risks associated with using cloud services.

A New Phishing Threat to Cloud Services


With this new phishing threat, an attacker compromises a user's account, gains access to their contacts and sends malicious links from legitimate domains. The email may contain an invoice, voicemail, or similar legitimate communication that mimics regular business practices and misleads you into thinking the message has come from a colleague or partner.

After an attacker compromises a SharePoint or OneDrive account, they upload a malicious file and change the account's sharing permissions to "public" so that anyone can access it. This malicious link is then shared with the compromised users' contacts or other targeted individuals. Sometimes the link is a unique redirect URL and so it can be difficult to detect, as it would not appear on any URL reputation repository.

Some attackers have strategically placed malicious content in one compromised account while using a second account – perhaps one belonging to an important or credible individual that one might expect communication from – to send the link. Even if the second tenant's compromised account is discovered, the malicious file hosted in the first tenant would not be taken down. And so, the attack would persist.

Other similarly abused cloud-based services include Sway, Dropbox, Google APIs, Google Docs, Google Drive, and Box.

Be Careful of Phishing Attacks this Holiday Season


These types of scams are difficult to detect and even harder to block or mitigate. Please make sure to remain vigilant and question before trusting any communications, especially during this holiday season. If you have questions about phishing attacks or online security threats, don’t hesitate to reach out to our team.


Related Posts

Murph Challenge 2022
Company News | June 23, 2022

We Completed the 2022 Murph Challenge

Read More >
Microsoft News | May 18, 2022

What does Windows 365 Cloud PC mean for construction? – Part 2

Read More >
Microsoft News | May 12, 2022

What does Windows 365 Cloud PC mean for construction? – Part 1

Read More >

Primary Sidebar

Search Blog

Recent Posts

Murph Challenge 2022
Company News | June 23, 2022

We Completed the 2022 Murph Challenge

Microsoft News | May 18, 2022

What does Windows 365 Cloud PC mean for construction? – Part 2

Microsoft News | May 12, 2022

What does Windows 365 Cloud PC mean for construction? – Part 1

Company News | April 6, 2022

Are you ready for the Murph Challenge?

How-To | March 30, 2022

Welcome to Microsoft 365 for Construction. Where We Are Going, There Are No Roads

How-To | March 21, 2022

Track construction project issues and tasks using Microsoft Lists

Footer

About

Lydon Solutions is a WBE consulting group specializing in construction project management software solutions using Microsoft SharePoint.

Learn more >

Products & Services

  • Construction Viz
  • Professional Services
  • Business Consulting
  • Microsoft 365 Managed Services
  • Government Agencies

News & Events

  • Events
  • Blog

Company

  • About
  • Careers
  • Contact Us

Join our Mailing List

  • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • This field is for validation purposes and should be left unchanged.
Lydon Solutions

© Lydon Solutions

  • Sitemap
  • Privacy
  • Cookies
  • Terms of Use
  • Disclaimer