
New Phone Scam Targets Business File Storage to Steal Company Data
A scam group called Helix is calling employees pretending to be IT support to steal business files from SharePoint. Watch out for suspicious IT calls at work.
Source
BleepingComputer
Original headline: New Helix vishing group emerges in SharePoint data theft attacks
Plain-English summary by GetCyberRight. Read the full report at the source above.
A new cybercrime group called Helix has emerged using phone calls and text messages to trick employees into giving away access to their company files. They are specifically targeting SharePoint, which is a business file storage system that many companies use to share documents among employees.
The scammers call employees pretending to be from IT support or security teams. They use voice phishing, also called vishing, to manipulate people into providing login codes or approving access requests on their phones. Once they gain access, they steal company data and threaten to release it unless the company pays.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
This threat primarily affects people at their workplace rather than at home. If you or someone in your family works for a company that uses SharePoint or Microsoft 365 for work files, they could receive one of these scam calls. The scammers are particularly good at bypassing multi-factor authentication, which is the security feature that sends a code to your phone when you log in.
They trick employees into reading those codes out loud during the fake support call, or into approving login requests that are actually the attacker trying to get in.
- Do not give out any codes, passwords, or approve any login requests during the call.
- Hang up and contact your IT department directly using a phone number you look up yourself, not one the caller provides.
- Never approve authentication requests on your phone unless you personally just tried to log into something.
- Be especially suspicious of urgent requests or threats like "your account will be locked" or "we detected suspicious activity."
- Report the call to your workplace IT or security team right away. This scam is a reminder to always verify before you trust. Legitimate IT staff will never pressure you to provide codes or approve requests immediately over the phone. Teach everyone in your family that it is always okay to hang up and call back through official channels when something feels rushed or suspicious. This applies to calls about bank accounts, tech support, or any other sensitive topics. Taking two extra minutes to verify can prevent a major security breach.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Considering Switching from Windows to Linux? Here is One User's Experience
A longtime Windows user tried Linux Ubuntu on an old laptop to see if it could replace Windows 11. The experience had challenges but positive results.
2 min read
Trying Linux on an Old Laptop: Could This Free System Work for Your Family?
A technology writer tested Linux Ubuntu on an old laptop. It could give new life to older computers your family no longer uses.
2 min read
The Person Hired to Help Ransomware Victims Was Actually Working With the Criminals
A negotiator who was supposed to help companies targeted by ransomware secretly worked with the attackers instead. This shows why choosing who to trust in a crisis matters.
2 min read
The Person Hired to Help Ransomware Victims Was Actually Working With Criminals
A cryptocurrency employee secretly helped hackers extort $75 million from businesses. This case shows why choosing who handles a cyberattack matters.
2 min read