New Office 365 phishing attack uses malicious links in SharePoint documents

Haythem Elmir

Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn.

The cloud security company says that the phishing attack was leveraged against some 10% of its Office 365 customers in the past two weeks and they believe the same percentage applies to Office 365 globally.

About the PhishPoint attack

“The victim receives an email containing a link to a SharePoint document. The body of the message is identical to a standard SharePoint invitation to collaborate,” the researchers explained.

“After clicking the hyperlink in the email, the victim’s browser automatically opens a SharePoint file. The SharePoint file content impersonates a standard access request to a OneDrive file, with an ‘Access Document’ hyperlink that is actually a malicious URL.”


As you may guess, the malicious link leads to a spoofed Office 365 login screen, ready to harvest login credentials.

Protection

The company touts its security solution as a good way to catch these types of attacks, since Microsoft doesn’t scan attached files hosted on their other services such as SharePoint and, in any case, wouldn’t be able to blacklist these URLs without blacklisting links to all SharePoint files.

But companies can also implement multi-factor authentication to secure their employees’ Office 365 (and other) accounts and invest in anti-phishing training programs.

“Like many of the more nuanced instances of phishing we analyze, these attacks were designed to be visually indistinguishable from obviously work-related emails that appear safe,” the researchers pointed out, and advised users to be skeptical of emails with URGENT or ACTION REQUIRED in the subject line, be suspicious of URLs in the body of the email and, when presented with a login page, to check whether its URL is actually hosted by the legitimate service.

But, as they noted, if this attack involved links that would trigger a malware download rather than direct to a phishing page, the attack would have caused damage by the time the user clicked and investigated the URL.
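The researchers' advice to check whether a login page's URL is actually hosted by the legitimate service can be automated, for example in a mail gateway or proxy rule. The sketch below is an added example, not code from Avanan or the original article; the allowlist of sign-in hosts and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sign-in hosts this organisation accepts for Office 365 logins.
# Adjust for your tenant (for example, a federated identity provider).
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

def check_login_url(url):
    """Return (verdict, reason) for a URL that presents a login form."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme != "https":
        return ("reject", "not https")
    if not host:
        return ("reject", "no host")
    # Exact match only: suffix or substring matching is what lookalikes abuse.
    if host in TRUSTED_LOGIN_HOSTS:
        return ("trusted", host)
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return ("reject", "internationalised lookalike host")
    # The trusted name appearing anywhere else (userinfo, subdomain, path)
    # is a decoy meant to pass a quick visual check.
    if any(t in url.lower() for t in TRUSTED_LOGIN_HOSTS):
        return ("reject", "trusted name used as decoy")
    return ("reject", "host not on allowlist")

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the campaign.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com@phish.example/login",
        "https://login.microsoftonline.com.phish.example/",
        "https://files.phish.example/login.microsoftonline.com/index.html",
        "http://login.microsoftonline.com/",
    ]
    for s in samples:
        print(check_login_url(s), s)
```

Only the first sample is accepted; the others place the trusted name in the userinfo, a subdomain, or the path, or drop TLS.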

 

To read the original article: https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/
