
3:00pm, 14 June 2024

TLP Rating: Clear

Phishing campaign impacting organisations and New Zealanders

Compromised accounts are being used to send phishing emails that appear to come from trusted or known contacts. The emails use Microsoft OneDrive/SharePoint sharing invitations to redirect users to malicious websites that steal login details and give the attacker access to the account.

New Zealanders are urged to be mindful of any invitation emails with sharing links, especially from external senders. If you receive one of these emails, report it to CERT NZ. If you receive one at your workplace, report it to your IT team.
 
Report to CERT NZ

What to look for

How to tell if you're at risk

If you click the link in a file sharing invitation email and are directed to a login page, check that the domain in the address bar matches the expected account login page (e.g. login.microsoftonline.com or login.live.com) before entering your information.

Just receiving the email does not mean you are at risk. However, if you click the link and/or enter information, your risk increases.

How to tell if you're affected

You may be affected if you have provided login details and/or two-factor authentication codes to an unfamiliar domain.

Check for unfamiliar logins. These might be from an odd location or from an unknown device.

Check for unfamiliar email rules. These might delete, move, mark as read, or forward messages. 
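
The email rule check above, as an added example that is not part of the original CERT NZ alert: Python that reviews a mailbox's rules and reports the ones that forward, delete, mark as read or move messages. The rule data is constructed in the shape of Microsoft Graph messageRule objects, and OWN_DOMAINS is an assumed list of the organisation's own mail domains.

```python
OWN_DOMAINS = {"example.co.nz"}  # assumption: the organisation's mail domains

# Constructed sample in the shape of Microsoft Graph messageRule objects.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "actions": {"moveToFolder": "AAMkAGConstructedFolderId"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice", "payment"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail.example.net"}}],
                 "markAsRead": True, "delete": True}},
    {"displayName": "Team copy", "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "team@example.co.nz"}}]}},
]

FORWARD_KEYS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
LOCAL_ACTIONS = {  # the other rule actions the alert lists
    "delete": "deletes messages",
    "permanentDelete": "permanently deletes messages",
    "markAsRead": "marks as read",
    "moveToFolder": "moves messages",
}


def forward_targets(actions):
    """Yield (address, is_external) for each forward or redirect recipient."""
    for key in FORWARD_KEYS:
        for rcpt in actions.get(key) or []:
            addr = (rcpt.get("emailAddress") or {}).get("address", "").strip().lower()
            if addr:
                # Exact match on the part after the last "@"; subdomains count as external.
                yield addr, addr.rpartition("@")[2] not in OWN_DOMAINS


def audit_rule(rule):
    """Return the reasons a rule deserves review (empty list if none)."""
    actions = rule.get("actions") or {}
    reasons = [f"forwards to {addr}" + (" (external)" if ext else "")
               for addr, ext in forward_targets(actions)]
    reasons += [label for key, label in LOCAL_ACTIONS.items() if actions.get(key)]
    return reasons


def audit(rules):
    """Map rule name -> reasons, for every rule with at least one reason."""
    return {r.get("displayName", "?"): why for r in rules if (why := audit_rule(r))}


if __name__ == "__main__":
    for name, why in audit(SAMPLE_RULES).items():
        print(f"{name!r}: {'; '.join(why)}")
```

Disabled rules are reported too, since a rule that is switched off can be switched back on. Each reported rule still needs the account owner to confirm whether they created it.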

What to do

Mitigation

If your account is compromised, CERT NZ recommends you: 

  • let your IT provider know,
  • revoke all sessions on your account,
  • remove trusted devices on your account,
  • update your password to something long, strong and unique,
    How to create good passwords | Own Your Online
  • enable/reconfigure two-factor authentication,
    Use two factor authentication to protect your accounts | Own Your Online
  • report the incident through to CERT NZ via our online reporting tool.
    Reporting form for businesses and individuals | CERT NZ

More information

Find more information about phishing:

Phishing scams | Own Your Online

Email scams | Own Your Online

For more information on this campaign, see:

NCSC Cyber Security Alert

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report to CERT NZ 
 
For media enquiries, email our media desk at certmedia@cert.govt.nz.