Cyber Security Today: SharePoint scam, Word-delivered ransomware and more on sextortion

SharePoint scam used to steal passwords, new Microsoft Word scam installs ransomware and sextortion attempts now using another way to trick victims

Welcome to Cyber Security Today. It’s Friday August 17th.

There’s a new way hackers are trying to fool users of Microsoft Office 365 into falling for a phishing scam: including malicious links in SharePoint documents. Attackers often spread malware or malicious links through attached Microsoft Word documents or web page links in an email. But a security vendor called Avanan says it recently detected a hacker campaign against Microsoft Office 365 users that includes a link to a SharePoint document. SharePoint is a collaboration platform. The attacker’s goal is to get you to click on the link, which, as expected, asks you to enter a username and password before giving access to the document. That’s how the attacker steals your credentials. The scheme bypasses Office 365’s security protection, which scans for suspicious links.

You can protect yourself first by activating multi-factor authentication wherever possible on any important service where you have to log in. Second, be skeptical of any email with a subject line that capitalizes words like URGENT or ACTION REQUIRED. Third, be suspicious of URLs in the body of email. And if you are asked through an email to log into a page, make sure the URL is actually hosted by the service it is asking you to log into.
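The last check above, confirming which host a sign-in link really points to, can be automated. This is an added example, not part of the original article; the trusted host set and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only host where users should type
# their Office 365 password. Adjust to your own sign-in hosts.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}

def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a link that leads to a sign-in page."""
    url = url.strip()
    # Browsers treat "\" like "/", Python's parser does not; refuse to guess.
    if "\\" in url:
        return False, "backslash in URL"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # Exact match on the parsed host, never a substring test on the link.
    if host in trusted:
        return True, "host is a trusted sign-in host"
    # A trusted name elsewhere in the link is the usual lookalike trick:
    # as a subdomain prefix, before an "@", or inside the path.
    if any(name in url.lower() for name in trusted):
        return False, f"trusted name present but real host is {host!r}"
    return False, f"unknown host {host!r}"

# Constructed sample links; the .example domains are placeholders.
SAMPLES = [
    "https://login.microsoftonline.com/signin",
    "https://login.microsoftonline.com.account-check.example/signin",
    "https://login.microsoftonline.com@files.example/signin",
    "https://files.example/login.microsoftonline.com/signin",
    "http://login.microsoftonline.com/signin",
    "https://files.example\\@login.microsoftonline.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print(f"{'ALLOW' if ok else 'BLOCK'}  {link}\n       {reason}")
```

Only the first sample is allowed; the others contain the trusted name somewhere in the link but resolve to a different host, use plain http, or rely on a parsing ambiguity.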

Speaking of malicious Microsoft Word documents, the SANS Institute had a blog post this week about an email campaign with password-protected Word documents. A typical message might be about an attached invoice. All you have to do to open it is use the supplied password, which might be something as simple as 1234, and enable macros to run. But when you do that it downloads ransomware. Here’s a good rule to follow: No one will send you a message to open a document and include a password.

Last month I told you about a sextortion scam that’s going around where people get threatening emails that list one of their passwords as proof their computer has been hacked. The message says they’ll expose you as going to porn sites unless you pay a ransom. This week there’s news that the scam has been altered. Now the email contains the last four digits of your phone number as proof the attacker knows who you are. It isn’t clear where the criminals are getting the phone numbers from, but they’re likely stolen. Whatever the source, it’s important not to pay these thugs. They really don’t have anything on you.

Finally, remember that this week Microsoft issued its monthly patches, and so did Adobe. Make sure they’ve been installed on your computers.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
