Does this look familiar? Maybe, and if you were like millions of others, you clicked on the above link to sign in and, well, got hacked.
But how? And what is phishing? How did they get your email? What happened?
First and foremost, this was an email hack. Except in a few circumstances, it only affected your email. The spam set up rules in your email that sent a spam message to everyone in your contacts list, hid the emails it sent, and disabled a few other things. It also made itself look legitimate by sending a link to a valid OneDrive document. However, once you opened the document, it prompted you to sign in once again, and the website then stole the credentials you provided and hacked your account. This spam message has been going around for a while, but recently a large number of users in the law community in Tucson were hit. If you have not been hit yet, be aware: it is still making the rounds. If you see a page like the one below, STOP, talk to your IT guy, and DO NOT sign in.
The email you got (or may get) is called a phishing email. It is a malicious email designed to look legitimate while attempting to steal credentials. You have gotten these before. Remember the "There is a problem with your bank account, click here to fix it" emails? Same thing. Why is this one successful? Many professional services regularly send files using OneDrive or another service, so getting an email that talks about opening a file is expected. Many users actually emailed back (after entering their credentials) asking where the file was because the link "didn't work". This scam asked users to sign in to access the shared file, and in the process stole the credentials entered by the user, set up rules in the user's account, and sent out thousands of emails, continuing the spread. The source of the email is unknown, but everyone who signs in sends a new wave to their existing contacts.
At the moment this page is down (we may or may not have had something to do with this) so your users should be OK, but we need to use this time for training. It is true, the most successful hacks do not come from the Russians, but from security problems that exist inside a business, and most of the time those security risks are your users.
I don't want to point fingers; we all make mistakes. People are often the easiest way to hack a business. We regularly perform various tests to make sure our users are staying vigilant and keeping an eye out for threats. Unfortunately, we often succeed in the fake hacks. We use these moments to train and assist, so when the real hack comes around they are prepared.
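For the IT side of the cleanup, here is an added example (not part of the original post and not tied to any particular mail product): a short Python audit that flags mailbox rules like the ones described above, which hide mail from the account owner. The export format, field names, folder list and keyword list are assumptions made up for this illustration.

```python
import json

# Constructed sample export of one mailbox's rules. The field names are
# assumptions for this example, not the schema of any real mail system.
SAMPLE_EXPORT = json.loads("""
{"owner": "pat@examplelaw.test",
 "rules": [
  {"name": "Newsletters", "from_contains": ["news@vendor.test"],
   "move_to_folder": "Reading", "mark_as_read": false},
  {"name": ".", "from_contains": [], "subject_contains": [],
   "move_to_folder": "RSS Feeds", "mark_as_read": true},
  {"name": "..", "subject_contains": ["hacked", "phishing", "did you send"],
   "delete": true}
 ]}
""")

# Folders users rarely open (assumed list; tune for your environment).
QUIET_FOLDERS = {"rss feeds", "junk email", "deleted items", "conversation history"}
# Words a warning reply from a contact is likely to contain (assumed list).
WARNING_WORDS = {"hacked", "phishing", "spam", "virus", "did you send"}

def audit_rule(rule):
    """Return the reasons a rule looks like it hides mail from the owner."""
    reasons = []
    folder = (rule.get("move_to_folder") or "").lower()
    hides = bool(rule.get("delete")) or folder in QUIET_FOLDERS
    subjects = rule.get("subject_contains", [])
    conditions = rule.get("from_contains", []) + subjects
    if hides and not conditions:
        reasons.append("hides all incoming mail")
    if hides and any(s.lower() in WARNING_WORDS for s in subjects):
        reasons.append("hides replies that warn about the compromise")
    if not any(ch.isalnum() for ch in rule.get("name", "")):
        reasons.append("rule name is blank or punctuation only")
    return reasons

def audit_mailbox(export):
    """Map rule name -> reasons, for every rule with at least one finding."""
    findings = {}
    for rule in export["rules"]:
        reasons = audit_rule(rule)
        if reasons:
            findings[rule["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_EXPORT).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

Any rule this flags should be reviewed with the account owner before it is removed, since legitimate filing rules can match the same heuristics.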