File Share Phishing: Overview
Cybercriminals’ favorite way to break into a company right now is to share a document that leads to a fake Microsoft login page. The link could direct you to SharePoint, OneDrive, Dropbox, or another site, but the goal is always the same – they want access to your email account. Because this attack has become so common, we’d like to share some advice with you.
When you first receive a shared file, your initial thought might be, “Is this for me?” You may even respond to the email and ask the sender that very question. Unfortunately, it’s easy for cybercriminals to reply with a generic “yes.”
Moving forward into 2025, a better question to ask is, “What’s this for?”
First, ask yourself this question before clicking any links in your email. If the link is part of an active conversation, that’s great – you should be safe.
If you can think of a valid reason why someone sent you the link, then you can ask the sender, “What’s this for?” If you receive a vague response, that’s a red flag: it’s likely an attacker, not a legitimate contact.
If you have no idea why someone sent you a link, do not click on it. You can still ask the sender for clarification, but only proceed if they provide a clear, specific explanation.
The following examples may look like harmless file sharing emails, but all three of these deceptive messages led to phishing websites that were waiting to steal the user’s login information.
Remember: Always verify that the shared file is part of an active conversation before clicking on it.