Phishing attacks are evolving fast and the energy sector has become a prime target. Cyber criminals are now exploiting trusted platforms like SharePoint to trick employees into handing over log-in details. As a result, companies and governments are paying close attention to how these threats unfold.
How the SharePoint Phishing Works
Firstly, in one multi‑stage attack analyzed by Microsoft started with adversary‑in‑the‑middle (AitM) phishing, where the victim received an email from the compromised account of a trusted organization.
The message contained a document‑sharing workflow theme and included a SharePoint URL that directed the victim to a landing page asking them for their Microsoft credentials.
Next, the attackers set up for Business Email Compromise (BEC), accessing the compromised inbox and creating rules to mark all messages as read and delete incoming emails. They then sent over 600 phishing emails to the victim’s contacts, with another phishing URL.
The recipients were identified based on the recent email threads in the compromised user’s inbox,” Microsoft explains.
Finally, the attackers monitored the compromised account, deleting undelivered and out-of-office responses, as well as messages from recipients who questioned the authenticity of the phishing emails.
Why Energy Systems Are at Risk
The energy sector runs critical infrastructure that powers homes, offices, schools, businesses and many more. Any disruption can cause blackouts, halt productions and weaken national resilience.
Moreover, hackers know that most of the companies in the energy sector rely on traditional security measures which makes them an easy target to exploit. By targeting this sector, attackers can cause widespread damage and gain leverage in global conflicts.
Building Defenses and Looking Ahead
On the defensive side, companies can take practical steps to reduce these risks. Training employees to recognize suspicious emails is essential, while multi‑factor authentication adds another layer of protection beyond passwords.
In addition, monitoring for unusual activity, such as sudden changes in inbox rules, helps detect intrusions early. Regular software updates and clear access policies further strengthen resilience.
Looking ahead, cyber threats against the energy sector will continue to rise. Attackers are becoming more creative and persistent, yet companies are also investing heavily in cybersecurity.
Furthermore, collaboration across industries and governments will play a key role in building stronger defenses. Ultimately, the future of energy security depends on staying alert, adapting quickly, and never underestimating the power of a simple phishing email.
