Kingston Police warn public of multi-layered Microsoft scam

Kingston Police have become aware of a recent phishing scam in which the scammers combine several of their favourite tricks to build an unusually convincing phishing email. The scam layers a number of different tactics to fool both users and their email filters.
According to a release from Kingston Police, dated Wednesday, Aug. 18, 2021, the phishing email is designed to look like a real Microsoft OneDrive notification, complete with official logos and icons. A check of the sender’s address shows an email address that closely resembles a real Microsoft domain. The body of the email references the recipient’s actual Microsoft username and directs them to click on a button to open a shared Microsoft Excel file, police said.
To bypass email filters, the scammers don’t use a direct link to their malicious webpage. Instead, the email includes a link from a trusted website called AppSpot, which is a cloud computing platform from Google, according to the release. When a user clicks on the “Open” button in the email, the AppSpot website immediately redirects to a compromised Microsoft SharePoint page, police said. On this page, visitors will be asked to provide their Microsoft credentials to access the supposedly shared file. According to police, any information typed on this page will be delivered directly to the scammers.
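The layered tactics described above can be turned into simple mail-filter heuristics. The following is an added example written for this article, not code from Kingston Police or Microsoft; the sample message, the allowlist of legitimate Microsoft sending domains and the list of redirect hosts are all constructed assumptions that a mail team would tune to its own environment.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the police description: a sender address that resembles
# a Microsoft domain, the recipient's real username in the body, and an "Open" button that
# points at appspot.com instead of at Microsoft. Not a real message.
SAMPLE_EMAIL = """\
From: Microsoft OneDrive <no-reply@micros0ft-onedrive.com>
To: alice.smith@example.org
Subject: alice.smith shared "Q3 Budget.xlsx" with you
Content-Type: text/html

<html><body><p>alice.smith shared a file with you.</p>
<a href="https://shared-file-1234.appspot.com/open">Open</a></body></html>
"""

# Assumed allowlist of domains genuine OneDrive/SharePoint notifications come from.
LEGIT_DOMAINS = {"microsoft.com", "sharepointonline.com", "onedrive.com"}
# Trusted hosting platforms that are abused as an intermediate redirect hop.
REDIRECT_HOSTS = ("appspot.com",)
BRAND_WORDS = ("microsoft", "onedrive", "sharepoint")
HOMOGLYPHS = str.maketrans("0135", "oles")  # undo common digit-for-letter swaps

def registrable(host):
    """Last two labels of a hostname, e.g. 'a.b.appspot.com' -> 'appspot.com'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def sender_domain(msg):
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def link_hosts(html):
    return [urlparse(h).hostname or "" for h in re.findall(r'href="([^"]+)"', html)]

def analyse(raw):
    """Return the findings that together make a message suspicious (empty list if clean)."""
    msg = message_from_string(raw)
    findings = []
    dom = sender_domain(msg)
    # Brand word present (after undoing homoglyphs) but not a domain Microsoft actually uses.
    if registrable(dom) not in LEGIT_DOMAINS and any(
            w in dom.translate(HOMOGLYPHS) for w in BRAND_WORDS):
        findings.append(f"lookalike sender domain: {dom}")
    for host in link_hosts(msg.get_payload()):
        if host.endswith(REDIRECT_HOSTS):
            findings.append(f"link goes through redirect host: {host}")
        elif registrable(host) not in LEGIT_DOMAINS:
            findings.append(f"link host does not match claimed brand: {host}")
    return findings
```

Running `analyse(SAMPLE_EMAIL)` flags both the lookalike sender and the AppSpot hop; either finding alone is weak, but together with a Microsoft-branded body they are the signature of this scam.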
Kingston Police offer the following tips to stay safe:
- Never click on a link or download an attachment from an email that you were not expecting.
- If you receive an unexpected email from someone you think you know, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email.
- This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.