Apply
Apply
  1. U of R Home
  2. IS
  3. Information Security
  4. Security Advisories
  5. Security Advisory

Security Advisory

SharePoint Document Sharing Phishing

More Phishing Info
Threat Level: Medium
Threat Type: Phishing / Credential Theft
Advisory Date: 05/07/2026

 

Description

The University of Regina has observed an ongoing phishing campaign involving malicious Microsoft SharePoint document sharing invitations. These emails often appear legitimate and may claim that a document titled “University of Regina General Assessment Program” or a similarly named file has been shared with you.

The phishing emails are typically delivered through legitimate Microsoft SharePoint or OneDrive sharing notifications, making them appear trustworthy. The shared document or embedded link may direct users to a fraudulent Microsoft login page designed to steal University credentials and multifactor authentication information.

Examples of suspicious document titles observed include:

  • “University of Regina General Assessment Program”
  • “General Assessment Program”
  • “Faculty Assessment Review”
  • “Shared HR Assessment Document”

Impact

This type of phishing attack is particularly effective because the emails often originate from legitimate Microsoft infrastructure and mimic standard document sharing workflows.

If a user enters their credentials into a malicious page:
  • Their University account may become compromised
  • Attackers may gain access to email, OneDrive, SharePoint, and other Microsoft 365 services
  • The compromised account may then be used to send additional phishing emails internally and externally
  • Malicious mailbox rules may be created to hide incoming security notifications or phishing-related emails from the user

What to Look for

Be cautious if:
  • You receive an unexpected SharePoint or OneDrive document share
  • The document title creates urgency or appears generic
  • The sender is unknown or external to the University
  • You are prompted to log in again unexpectedly
  • The link redirects to a suspicious Microsoft login page
  • The email contains unusual wording, grammar, or formatting
  • Always verify unexpected document shares with the sender using a trusted communication method before opening links or entering credentials.

Resolution

If you believe you have been targeted, please contact the IS Service Desk and forward any suspicious emails as an attachment to “Report.Phishing@uregina.ca”. If you are concerned about the security of your account after receiving a phishing message, you can take the following actions:

  • Change your password. https://app2.uregina.ca/perl/chpass.plChoose a password that is:
    • Completely different than your previous password.
    • Not used anywhere else.
    • Does not contain your previous password.
  • Check your account for email forwarding and mailbox rules.

Resources

Please contact the IS Service Desk if you have any questions or require assistance:

    Email: Service.Desk@uregina.ca
    Phone: 306-585-4685
    Toll-free in Canada: 1-844-585-4685
    In person at ED 137 or Archer Library

Take cybersecurity awareness training available to all faculty and staff on Beauceron:
University of Regina Cybersecurity Training

More information on phishing awareness and reporting can be found at the University of Regina Information Security pages. (University of Regina)

More Phishing Info