A new phishing campaign is abusing Microsoft SharePoint access approval requests. Instead of using traditional malicious links, attackers are sending emails that closely resemble legitimate SharePoint or Microsoft 365 notifications. These messages prompt users to approve access or open a file they were not expecting.
Interacting with these requests can result in credential theft, account compromise, or unauthorized access to CSU systems. Anyone who has already clicked or entered their credentials should contact the Division of IT Help Desk immediately at [email protected] or by phone at 970‑491‑7276.
Please review the Phishing Alert: Fake SharePoint Access Approval Requests knowledge article to learn how to recognize this type of phishing attempt and what actions to take if you receive one.
An example of what a message of this type could look like is below:
