A new phishing campaign that abuses legitimate servers on the Microsoft SharePoint platform has targeted at least 1600 people across Europe, the USA and other regions worldwide, using one of the platform's native notification mechanisms.
Kaspersky security researchers described the findings in a new advisory published earlier today, adding that cyber-criminals used the scam to steal credentials for various email accounts, including Yahoo!, AOL, Outlook, Office 365 and others.
“The employee receives a standard notification about someone sharing a file,” wrote Kaspersky spam analysis expert Roman Dedenok. “This is unlikely to arouse suspicion […] because it’s a real notification.”
Upon clicking the link, victims are directed to a genuine SharePoint server hosting a OneNote file that contains a second link; this one is malicious.
“This link, in turn, opens a standard phishing site that mimics the OneDrive login page, which readily steals credentials for Yahoo!, AOL, Outlook, Office 365 or another email service,” Dedenok wrote.
“This is possible because, thanks to Microsoft developers, SharePoint has a feature that allows you to share a file that’s on a corporate SharePoint site with external participants who don’t have direct access to the server,” explained Dedenok.
To protect against this phishing campaign, Kaspersky recommends system defenders hold regular security awareness training for employees.
How to Prevent Phishing Scams:
- Conduct regular employee training
- Deploy a spam filter
- Keep passwords secure
- Stay up-to-date with security patches and updates