Beware of “Too Real to Be Fake” Emails: How KSP Protects You from Modern Phishing Attacks
Cybercriminals are getting smarter, and their emails are getting harder to spot.
Recently, our team at KSP Technology identified and blocked a highly convincing phishing email targeting one of our customers. The message appeared to come from a trusted sender and looked exactly like a legitimate Microsoft OneDrive or Adobe PDF share. At first glance, everything seemed normal. Beneath the surface, however, it was designed to steal login credentials and fuel further attacks.
Here’s how this attack worked, and how we helped keep our customer protected.
What the Email Looked Like
The phishing email appeared to:
- Come from a legitimate, known sender
- Contain a secure PDF document
- Reference Adobe PDF Online or OneDrive document sharing
- Include a large, familiar-looking “Preview Document” button
This is what makes modern phishing attacks so dangerous. Nothing immediately looks suspicious.
In this case, the sender’s email account had already been compromised. That meant the message came from a real person, not a fake or misspelled address, which significantly increased its credibility.
The First Red Flag: The Document “Preview”
Normally, when Microsoft or OneDrive shares a document, you’ll see:
- Clear “Open” or “Share” buttons
- Clickable links with visible destinations
- Familiar Microsoft sharing controls
In this attack, the experience was very different:
- The entire document preview was a single image
- That image acted as a hidden link
- There were no standard Microsoft sharing buttons
This is a major warning sign and a common tactic in image-based phishing.
The Second Red Flag: A Fake Website
Clicking the image redirected the user to a website that:
- Looked like a legitimate document portal
- Appeared professional and trustworthy
- Prompted the user to “preview” the document
After clicking again, the user was presented with what appeared to be a Microsoft sign-in page.
At this point, most people believe they’re logging into Microsoft, but they’re not.
The Biggest Tell: The URL
The sign-in page was not hosted on a real Microsoft domain.
Legitimate Microsoft login pages use domains such as:
- login.microsoftonline.com
- login.live.com
- microsoft.com
Phishing URLs often:
- Contain extra or unrelated words
- Use subtle misspellings
- Live on completely unrelated domains
- Look “close enough” to trick the eye
Always check the address bar before entering your credentials. The URL is often the only clear giveaway.
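The two red flags described above, a message body that is nothing but one clickable image and a sign-in URL outside the listed Microsoft domains, can be checked mechanically. The Python below is an added example, not KSP's detection tooling; the function names, the 40-character text threshold, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sign-in domains exactly as listed in the article.
MS_LOGIN_DOMAINS = ("login.microsoftonline.com", "login.live.com", "microsoft.com")
NON_VISIBLE = ("style", "script", "title")

def is_microsoft_login_host(url):
    """True only for https URLs whose host is a listed domain or a subdomain of one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    # Match on label boundaries; a substring test would accept look-alike hosts.
    return any(host == d or host.endswith("." + d) for d in MS_LOGIN_DOMAINS)

class BodyScan(HTMLParser):
    """Records each link (and whether it wraps an image) plus visible text length."""
    def __init__(self):
        super().__init__()
        self.links, self.text_chars = [], 0   # links: one [href, wraps_image] per <a>
        self._open_links = self._hidden = 0
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open_links += 1
            self.links.append([dict(attrs).get("href") or "", False])
        elif tag == "img" and self._open_links:
            self.links[-1][1] = True
        elif tag in NON_VISIBLE:
            self._hidden += 1
    def handle_endtag(self, tag):
        if tag == "a" and self._open_links:
            self._open_links -= 1
        elif tag in NON_VISIBLE and self._hidden:
            self._hidden -= 1
    def handle_data(self, data):
        if not self._hidden:
            self.text_chars += len(data.strip())

def image_only_lure(html, max_text=40):
    """Flag a body whose only links are images and that has almost no visible text."""
    scan = BodyScan()
    scan.feed(html)
    scan.close()
    return bool(scan.links) and all(w for _, w in scan.links) and scan.text_chars <= max_text

# Constructed sample bodies (not taken from the real message).
LURE_HTML = '<body><a href="https://docs-portal.example/view"><img src="cid:preview.png"></a></body>'
SHARE_HTML = '<body><p>Alex shared "Q3 budget.xlsx" with you for review this week.</p><a href="https://files.example/s/1">Open</a></body>'
```

The host check parses the URL first, so a listed domain that appears only as a prefix of a longer hostname, or before an `@` in the URL, does not pass.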

What Happens If You Enter Your Password?
If credentials are entered on a fake sign-in page:
- Attackers immediately capture your email and password
- The page may claim the password is incorrect
- You’re encouraged to try again
Each attempt gives attackers another password to test.
They then launch a password spray attack, trying those credentials against:
- Microsoft 365
- Email accounts
- Cloud services
- Any website associated with that email address
Once They’re In, the Damage Grows
After gaining access, attackers may:
- Monitor your emails and contact list
- Learn how you communicate and who you trust
- Send phishing emails from your account
- Request payments or sensitive information
- Attempt password resets on other services
- Lock you out of your own accounts
If personal accounts are linked to your work email, those can be targeted as well.
Ultimately, the goal is always the same: financial gain.
How KSP Protected Our Customer
We identified this threat early — before any credentials were entered — by:
- Detecting abnormal email behaviour
- Recognizing image-based phishing techniques
- Analyzing suspicious destination URLs
- Alerting the customer before damage occurred
As a result:
- Credentials were not compromised
- The attack did not spread internally
- The customer remained fully protected
This is the value of proactive, managed cybersecurity.
How You Can Stay Safe
We recommend:
- Never clicking document previews that are entirely images
- Always checking the URL before entering credentials
- Being cautious with unexpected document shares, even from known senders
- Reporting suspicious emails immediately
If something feels off, it probably is.
Security That Works Before You Click
Modern phishing attacks are designed to look legitimate because they are built on trust, familiarity, and compromised accounts.
At KSP Technology, we don’t just react to security incidents. We work to identify, stop, and prevent threats before they disrupt your business.
If you have questions about email security, phishing protection, or user awareness training, our team is here to help — so you can work with confidence and peace of mind.












