There’s no stopping Phishers as it seems right now. Threat actors are now beginning to leverage fake automated messages from Sharepoint, Microsoft’s own collaborative platform, as a clever way to target Office 365 users credentials.
According to Abnormal Security, the campaign began with a very clever messaged disguised as an automated email from Sharepoint.
To add legitimacy to this phishing attempt, the Crackers used spoofing techniques to disguise the sender as Sharepoint.
As a way to make their email more compelling, they also didn’t address the email to a single employee but included multiple mentions of the targeted company as you can see from the screenshot below.
Crafty and well though out
The intent of the malicious actors was clear: using a convincing enough message in the hope that at least one employee would fall for the trick and open the “View xx Documents” hyperlink.
Once clicked, that link used a series of redirects to send the recipient to a landing page disguised to look like a secure Sharepoint file.
Not only that, it also employed Sharepoint and Microsoft branding to convince the user that it was safe to submit their credentials in order to view the file.
In some other cases, where the malicious link did not work, the landing page prompted the user to download a PDF document that then redirected them to another malicious site.
The researchers at Abnormal Security put the risks of this campaign into context:
If the victim falls for this kind of attack, their credentials are compromised.
This starts a cascade effects that only begins in losing any data stored on their account.
The next piece to fall, will be inevitably the company’s networks. Once Crackers have a foothold of an organisation, it’s rare that they don’t make use of it by compromising more data or even launching malware attacks.
These attack attempts highlight the need for organizations to defend themselves against a phishing attack. They can do so by educating their users about some of the most common types of phishing campaigns in circulation today and by expanding their knowledge with dedicated tools.