There’s a New Phishing Scam… and It’s Smarter Than Ever

Cybercriminals are at it again, finding clever new ways to trick businesses into handing over sensitive information. This time, they’re targeting cloud services like SharePoint and OneDrive – the tools we all rely on to keep things running smoothly. The irony? They’re using the trust we place in these platforms against us.

Here’s how this scam works:

  • They steal or buy your login details. Scammers either trick you into sharing them through fake emails or buy them on dodgy online marketplaces. (Yes, these exist – it’s as grim as it sounds.)
  • They upload convincing fake files. Once inside your cloud storage, they create files designed to look completely legitimate – like a Microsoft 365 login page or an important document.
  • They restrict access. To make it look more believable, they set these files to “view-only” or restrict access to just you and your team. When you get an email saying, “Here’s an important document for you to review,” it looks completely genuine.

But if you do click, the consequences can be serious. Malware might be installed on your system, giving scammers access to your data or even locking you out entirely. Alternatively, you could unknowingly hand over even more sensitive details. Either way, it’s costly – both in time and money – and can seriously damage your business’s reputation.

How to Protect Your Business

Thankfully, there are some straightforward steps you can take to reduce your risk:

  1. Be suspicious of unexpected emails. If something feels off, don’t click anything straight away. Check the sender’s identity – ideally by calling them directly or sending a fresh email (don’t just hit reply to the dodgy email!). Even if the email looks professional, it’s worth double-checking.
  2. Use multi-factor authentication (MFA). This is one of the simplest and most effective ways to keep your accounts secure. It’s like having a second lock on your door – even if scammers have your password, they’ll still need a code or other verification method to get in.
  3. Keep your software up to date. Those updates you’re always tempted to skip? Don’t. They’re often released to patch security vulnerabilities that scammers love to exploit. Staying up to date is one of the easiest ways to keep ahead of cybercriminals.

What’s Next?

Phishing scams are always evolving, and it can feel like a constant battle to stay safe.

Whether you want to strengthen your security, train your team to spot threats, or just get some advice, we’re here to help. Book a call with Nick:


Scroll to Top