The Fax Behind Cybercrime: Microsoft SharePoint Fax Scam

The Fax Behind Cybercrime: Microsoft SharePoint Fax Scam

Share with your network!
The Fax Behind Cybercrime: Microsoft SharePoint Fax Scam

Remember the fax machine? At their peak of use, they were pretty high tech. A fax machine used a telephone line to send printed documents to another person with a fax machine.  When I think of fax machines, I imagine someone wearing a power suit with very large shoulder pads and using one of those brick mobile phones with the sticking out aerial.

Now, you tend to get e-Faxes or the digital fax; the NHS has finally also banned paper faxes with a phasing out of fax machines by April 2020. Cybercriminals, as you will know if you read our Breaking Scams weekly post, will look for any opportunity to trick you into infecting your machine with malware, including spoof e-faxes. This week’s scam is a digital fax scam based on a Microsoft SharePoint email.


SharePoint Fax Scam – What the Spoof Message Looks Like

Cybercriminals love Microsoft Office 365 and all of the associated apps, like SharePoint. Office 365 is regularly one of the most spoofed brands used by phishing fraudsters to trick employees into clicking links or downloading infected attachments.

This week’s breaking scam report is about a spoof SharePoint message that contains a digital fax for ‘you alone’.

The message itself was very basic, but it used Microsoft SharePoint branding to give the recipient a false sense of security. There was an image of the spoof fax in the message itself, giving the recipient a tantalising glimpse of what awaits…if only you click on the link…

The image itself was clickable and a separate “Open Here” link was offered to allow the fax to be accessed.

The reasons that we used to identify this as a spoof SharePoint message was:

  1. We did not recognise the sender’s email address
  2. When we hovered over the link, the URL was not a Microsoft SharePoint link

What Happens if You Click the Malicious Link?

We copied the web address presented in the SharePoint message link and analysed it. The results, from two different online analysers (Kaspersky and Sucuri) show that the website is a critical security risk. That is, if you click on the site, either your machine could be infected with malware or the site is recognised as a phishing site that will attempt to steal personal data and/or login credentials. The likelihood of this scam is that it will attempt to steal genuine SharePoint login credentials to then access a real SharePoint account.


To avoid phishing scams such as this week’s SharePoint message scam, you need to be vigilant. The message was simple, and in doing so, it prevented normal alarm bells caused by misspelling and poor language, from ringing. Often cybercriminals rely on knee-jerk reactions to phishing campaigns. Keeping things simple with a clear and obvious action for the recipient can be a good tactic in social engineering. The best way you can stay safe from phishing is to keep on top of all of the various tactics used by cybercriminals. By being security aware you will build good security habits that will give you the tools to help stop fraud.

Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

Microsoft SharePoint Fax Scam

An email is being sent to corporate email accounts asking recipients to click a link to view a Microsoft SharePoint e-fax. This is a scam and you should inform your IT department immediately if you receive such an email.


For more information on what to do if you receive a phishing email check out “What to Do if You Click on a Phishing Link?

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams