Cybercriminals are using a Microsoft SharePoint phishing attack, dubbed "PhishPoint," to target Office 365 end user credentials, according to cloud security platform provider Avanan.PhishPoint targeted about 10 percent of Avanan's Office 365 customers, but the company blocked all of the attacks.Still, other Office 365 users and partner service providers could be at risk. Avanan estimates that 10 percent of the entire Office 365 installed base -- across all users and service providers -- have been targeted by the attacks. So far, Microsoft has not commented about the alleged attacks.Be skeptical of any email subject line that capitalizes URGENT, ACTION REQUIRED or other buzzwords related to workplace stress. Be suspicious of URLs present in an email's body. On a login page, ensure the URL is hosted by the service provider. For an unexpected email from a peer or superior, contact this individual to verify that he or she actually sent the message. Use multi-factor authentication (MFA) to secure user accounts across multiple software platforms. The aforementioned best practices can help Office 365 users identify and prevent PhishPoint attacks, but these practices are not foolproof, Avanan stated. However, organizations can partner with MSSPs, which provide cybersecurity services and support to help Office 365 users detect and block PhishPoint and other cyberattacks.