Hacked SharePoint sites used in new phishing campaign

Security researchers have discovered a new phishing campaign that uses compromised SharePoint sites and OneNote documents to trick potential victims in the banking sector into visiting the attackers' landing pages.

The cybercriminals behind the campaign chose Microsoft's web-based SharePoint collaboration platform to launch their attacks because the domains it uses are often ignored by secure email gateways, which allows their phishing messages to actually reach users' inboxes.

After compromising a SharePoint account, the attackers use that account to send an email to potential victims asking them to review a proposal of legal advisors through a URL embedded in the message. This new phishing campaign was discovered by Cofense researchers, who explained in a blog post why the tactics are so effective:

"SharePoint is the initial delivery mechanism to deliver a secondary malicious URL, which allows the threat actor to evade almost any email perimeter technology."

Hiding in plain sight

The URL in the initial message sends users to a SharePoint site controlled by the attacker, where a fake OneNote document, crafted to be illegible, asks targets to download the full version of the document using an embedded link. However, this link actually sends bank employees to the attacker's phishing page.

On the phishing page, targets see a web page that pretends to be the official OneDrive for Business login page, with a message on the login form that says: "This document is secure, log in to view, edit or download. Select one of the following options to continue."

From here, users have the option of logging in with an Office 365 account or with their account from any other email provider. Thus, if a user is not willing to give up their Office 365 credentials, the attackers will still have access to another of their accounts.

Once a victim enters their login credentials, they are automatically collected by the BlackShop Tools phishing kit, which is used in the campaign and is available for sale on the dark web.

To avoid becoming a victim of a phishing attack, it is recommended to avoid opening emails from unknown contacts and to carefully examine the URLs of the websites you visit.
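
The URL check recommended above can be made mechanical for the fake OneDrive for Business sign-in page this campaign uses. The following Python sketch is an added example, not code from the original article or from Cofense; the allowlist of Microsoft sign-in hosts and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts expected to serve Microsoft sign-in forms.
# Extend for your environment (e.g. a federated identity provider).
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "login.microsoft.com",
}

def login_host_verdict(url: str) -> str:
    """Classify the URL of a page that shows a Microsoft-branded sign-in form."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https":
        return "suspicious: not https"
    if parts.username is not None or parts.password is not None:
        # In https://trusted@other.example/ the real host is other.example.
        return "suspicious: userinfo in URL"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious: no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious: internationalized host (possible lookalike)"
    if host in MICROSOFT_LOGIN_HOSTS:
        return "trusted"
    if any(known in host for known in MICROSOFT_LOGIN_HOSTS):
        # e.g. login.microsoftonline.com.<attacker domain>
        return "suspicious: trusted name embedded in another host"
    return "suspicious: host not on sign-in allowlist"

# Constructed sample URLs (not indicators from the campaign).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.docs.example/signin",
    "https://login.microsoftonline.com@phish.example/",
    "https://onedrive-business.phish.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{login_host_verdict(sample):55} {sample}")
```

Matching on the exact host name, rather than on whether the URL contains a familiar string, is what catches the embedded-name and userinfo cases.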

Via Bleeping Computer
