Microsoft researchers identified a new phishing campaign that is incredibly clever and can get past a variety of detections, according to Threatpost. Hackers use Microsoft SharePoint lures and spoofed sender addresses to trick victims into handing over their credentials.
A tweet from Microsoft Security Intelligence unveiled the new phishing campaign involving SharePoint. The campaign targets organizations that use Microsoft Office 365, abusing the much-praised file-sharing functionality of SharePoint. It imitates legitimate services to fool email filters and generates fake sender addresses that contain the usernames and domains of the intended recipients.
The victim receives an email that appears to be from a colleague. It may contain a link to a phishing page that informs the recipient that someone else on the network requested access to their documents. The file is made to look legitimate by the presence of business-related data within it, such as employee reports, bonuses, or pricing lists.
SharePoint's widespread use makes it a target for cybercriminals
The SharePoint collaboration platform is used by a large number of companies, which makes it a desirable target for hackers. Dora Tudor, from Heimdal Security, explained that its file-sharing capabilities and spoofing skills make it a very potent tool for deceiving people into disclosing their login credentials.
To defend yourself from phishing attempts, you should be aware of a few warning indicators:
- The attackers' use of two URLs with improper HTTP headers.
- The principal phishing URL is a Google storage resource that redirects to an AppSpot domain and that requires a sign-in before providing an Office 365 phishing page.
- The campaign's use of URLs that direct potential victims to a phishing page for credential entry further reveals its malicious intent.
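The following triage check is an added example, not code from Microsoft or the article. It flags the two traits described above: a sender address that embeds the recipient's username and domain, and links hosted on Google storage or AppSpot. The hostnames `storage.googleapis.com` and `appspot.com` and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: these hostnames stand in for the "Google storage resource" and
# "AppSpot domain" named in the article, which lists no exact URLs.
SUSPECT_HOST_SUFFIXES = ("storage.googleapis.com", "appspot.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def sender_embeds_recipient(msg):
    """From header carries the recipient's username and domain, not their address."""
    display, sender = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    if "@" not in sender or "@" not in rcpt:
        return False
    user, domain = rcpt.lower().split("@", 1)
    haystack = f"{display} {sender}".lower()
    return sender.lower() != rcpt.lower() and user in haystack and domain in haystack

def suspect_links(msg):
    """URLs in any body part whose host is, or sits under, a suspect suffix."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").rstrip(".")
            if any(host == s or host.endswith("." + s) for s in SUSPECT_HOST_SUFFIXES):
                hits.append(url)
    return hits

def triage(raw):
    msg = message_from_string(raw)
    return {"spoofed_sender": sender_embeds_recipient(msg), "links": suspect_links(msg)}

# Constructed sample messages (not taken from the campaign).
PHISH = "\n".join([
    'From: "alice contoso.com" <alice.contoso.com@referral.example>',
    "To: alice@contoso.com", "Subject: Access request: Staff Reports", "",
    "Review the request: https://storage.googleapis.com/example-bucket/index.html",
])
BENIGN = "\n".join([
    "From: Bob <bob@contoso.com>", "To: alice@contoso.com", "Subject: Q3 pricing", "",
    "Draft is here: https://contoso.sharepoint.com/sites/sales/pricing.xlsx",
])

if __name__ == "__main__":
    print(triage(PHISH), triage(BENIGN))
```

Both hosting services carry plenty of legitimate traffic, so the link result is best used as a scoring signal alongside the sender check rather than as a block rule on its own.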