![]() ![]() Protection from web-based threats and precision Internet content control for your workforce. The user is unlikely to realize that they have been successfully phished as after entering their credentials they will be directed to the genuine Office 365 web page. Entering Office 365 credentials at this point will see them harvested by the scammers running this campaign. At face value, the document does not appear to be malicious, although checking the destination URL of the link will reveal that it directs the user to a suspect website.Īfter clicking the link, the user is presented with a login window for Office 365 and their Microsoft Office 365 credentials must be entered to proceed. A hyperlink named “Access Document” is included in the SharePoint file along with the genuine OneDrive for Business logo. The SharePoint file advises the user that the content they are looking for has been uploaded to OneDrive for Business and a further click is necessary to access the file. This SharePoint phishing scam includes a hyperlink to a genuine SharePoint document, which may not be flagged as malicious since the file itself does not contain malware. The latest scam uses messages that appear to be standard quests to collaborate on SharePoint. ![]() However, due to the value of Office 365 accounts, hackers are increasingly conducting attacks to gain access to Office 365 credentials. JavaScript and VB scripts are also used to achieve that aim. The documents usually contain malicious macros which download the malware payload if allowed to run. Most of these scams are concerned with spreading malware. The messages appear at face value to be genuine attempts by employees and contacts to collaborate through the sharing of files. The scam emails used in this campaign are similar to those used in countless Google Docs phishing scams. those credentials are subsequently used to gain access to sensitive company information stored in the cloud and email accounts which can be used in phishing and business email compromise attacks. A new SharePoint phishing scam has been detected which attempts to steal Office 365 credentials from business users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |