Important Security Notice:

BCC IT have issued the following advisory to make our clients’ aware of a new and highly sophisticated phishing threat currently circulating within UK organisations. This alert is based on information shared from multiple reputable cyber-security sources across the sector, and we want to ensure you and your teams have clear, practical guidance to stay protected.

What has happened

As a Global Technology Industry Association (GTIA) member, we have been advised that several organisations have reported receiving highly convincing phishing emails sent from the compromised Microsoft 365 accounts of trusted suppliers or partners. Because these attacks originate from genuine business accounts and use legitimate Microsoft OneDrive or SharePoint links, they are extremely difficult to spot using traditional visual cues.

This represents a growing trend in supply-chain-based phishing, and we encourage all customers to exercise heightened awareness.

How the attack works (in simple terms)

The threat uses an advanced technique known as Adversary-in-the-Middle (AiTM) phishing, which is specifically designed to bypass normal multi-factor authentication (MFA). In practice, this looks like:

• An email from a real contact at a trusted organisation, whose account has been compromised
• A link to a document hosted on legitimate Microsoft infrastructure, making it appear entirely authentic
• When the user tries to open the document, they’re silently redirected to a perfect copy of the Microsoft login page
• Even after entering credentials and completing MFA, the attacker intercepts the login session in the background

This enables the attacker to act as the user, potentially accessing email, files, and using the compromised identity to target others in the supply chain.

What you should look out for

Please be cautious—even when an email appears to come from someone you know—if:

• You are asked to open or review a document you were not expecting
• You are prompted to log in again when opening a shared file
• The timing, tone, or context of the message feels unusual

If something doesn’t seem right, we strongly recommend contacting the sender using a known phone number or starting a new email chain rather than replying to the original message.

Recommended actions for your organisation

To help protect against this emerging threat, we recommend:

• Reminding staff to be cautious of unexpected file-sharing links, even from trusted partners
• Ensuring that your organisation enforces Conditional Access policies or equivalent zero-trust controls to prevent unauthorised sign-ins
• Encouraging all users to report suspicious emails promptly, rapid reporting reduces risk significantly
• Continuing regular phishing awareness training, especially around new AiTM techniques.

We’re here to help

If you would like further guidance or support, whether technical advice, awareness materials, or help reviewing your organisation’s security settings, please let us know as we’re happy to assist.

Thank you for your continued vigilance.

Kind regards,

BCC IT Operations