This content is viewable by Everyone

Sep 2023: Credential Phishing Lure Imitates SharePoint and Financial Institution

Threat Alert: Lure Spoofs SharePoint and Financial Institution

  • Cybercriminals have launched a series of phishing attacks imitating a financial institution. The lures use an alleged credit card transaction dispute as a theme. 
  • While the emails claim to come from a financial institution, the email sending address does not match the email domain of the spoofed financial organization.
  • The lures contain a malicious link leading to a lookalike login page for a financial institution as well as a malicious HTML attachment leading to a lookalike login page for Microsoft SharePoint. 

Key Actions (at Work and at Home)

  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
  • Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link, download an attachment, or to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message, don’t ignore it—report it.   
  • Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.  


Financial Phish Indicators
Financial Phish Landing Page