Phishing alert: fake Microsoft file-sharing emails

Friday 10 October 2025

The University is aware of an ongoing phishing campaign targeting staff and students. Attackers are using compromised accounts to send fake Microsoft file-sharing links that appear to come from someone you know.

How the attack works

You may receive an email with a subject like [Sender Name] shared [File Name]. It looks like a genuine Microsoft notification linking to a document. However, the shared file is a disguised .aspx file. Malicious activity begins after you open the document, allowing the attacker to bypass standard security tools.

After clicking the link, you may be shown a fake Microsoft login page and then redirected to a fake University of Auckland login page that asks for your username, password and authentication token.

Red flags to watch for

  • Unexpected CAPTCHA notifications. Legitimate Microsoft document sharing rarely requires one.
  • Domains in your browser that don’t start with sharepoint.com, microsoftonline.com, or auckland.ac.nz.
  • Links that redirect you to a non-Microsoft domain.
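
The domain check from the list above, as an added example (not part of the University's notice): it parses a link the way a browser does and accepts the host only when it equals one of the three listed domains or is a subdomain of one, so lookalike hosts that merely begin with a trusted name are rejected. The sample links, the `.example` hosts, the `tenant` name and the HTTPS requirement are assumptions made for illustration.

```javascript
// Domains named in the alert's red-flag list.
const TRUSTED_DOMAINS = ["sharepoint.com", "microsoftonline.com", "auckland.ac.nz"];

// Return the trusted domain that a URL's host belongs to, or null if none.
function trustedDomainFor(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the same rules a browser applies
  } catch {
    return null; // not a parseable absolute URL
  }
  // Assumption added for this example: genuine sign-in pages are HTTPS only.
  if (url.protocol !== "https:") return null;
  // hostname is already lower-cased by the parser; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  for (const domain of TRUSTED_DOMAINS) {
    // Exact match, or a subdomain: the "." stops "notsharepoint.com" matching.
    if (host === domain || host.endsWith("." + domain)) return domain;
  }
  return null;
}

// Constructed sample links (not taken from the campaign).
const SAMPLES = [
  "https://tenant.sharepoint.com/:b:/g/personal/file",
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://www.auckland.ac.nz/en.html",
  "https://sharepoint.com.files.example/login",     // trusted name used as a prefix
  "https://login.microsoftonline.com@files.example/", // trusted name in the userinfo part
  "https://auckland.ac.nz.example/sso",             // trusted name as a left-hand label
  "https://notsharepoint.com/",                     // suffix match without a dot boundary
  "http://www.auckland.ac.nz/",                     // right host, but not HTTPS
];

// Split the samples into hosts that pass the check and hosts that do not.
function classify(urls) {
  const result = { trusted: [], suspicious: [] };
  for (const u of urls) {
    (trustedDomainFor(u) ? result.trusted : result.suspicious).push(u);
  }
  return result;
}

const report = classify(SAMPLES);
console.log("trusted:", report.trusted);
console.log("suspicious:", report.suspicious);
```
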

What to do

  • Do not click on links in suspicious emails, even if they appear to come from someone you trust.
  • If you clicked on a link or entered your credentials by mistake, reset your password immediately. To reset your password:
    • At the top of any page on the University website, choose the ‘Students’ or ‘Staff’ menu and select ‘Change my password’. The ‘Students’ or ‘Staff’ menu will only appear if you’re not signed in.
    • If you’re signed in (for example, staff in the Staff intranet section), choose your initials in the top right corner of any page and select ‘Change my password’.

Stay alert and report any suspicious activity to the Staff Service Centre or email spam@auckland.ac.nz.