Protect Your Access: Safeguard Against Credential Hijacking in SharePoint

More than 68 million malicious messages were associated with Microsoft products and brands in 2023, according to a recent 2024 State of the Phish report from Proofpoint. Microsoft’s SharePoint application, used by HM and many other organizations for collaboration and file management, is frequently utilized to help cybercriminals gain system access and distribute their attack.

Once a SharePoint account is compromised, the attacker can upload a malicious document and use SharePoint’s document-sharing feature to distribute it and trick you into clicking a malicious link. You’ll be prompted to access a legitimate SharePoint login screen, but when you enter your credentials to view the malicious file, the attacker steals them.

Safeguard HM by reporting suspicious messages
Experts say the average time for a user to fall for a phishing attack is less than 60 seconds. Recognizing how quickly a compromise can happen reminds us to slow down and stay vigilant, even with messages from trusted sources, like colleagues or SharePoint.

Remember, if you receive any suspicious email or text, don’t ignore or delete it, report it using the Report Phish button or the Report Suspicious button for any suspected phishing email.