I have been adding SharePoint scenarios to my phishing awareness training sessions throughout the year for this very reason. The file share component that has become so familiar and convenient to so many of us over the last 18 months is a perfect target for exploitation. During the “work from home” days of COVID-19, SharePoint and its cousins Microsoft Teams and OneDrive, have become day-in / day-out tools for many of us, so those alert messages from Microsoft letting us know content has been shared with us have become so common and expected that we barely pay them any notice. This is a serious threat.
We need to pay attention and we need to realize that our new, convenient habits quickly evolve into targets of opportunity for cybercriminals the world over. Pay heed to this article from the great team at ThreatPost.