Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials

2020-05-06 13:05

A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization.

The "Widespread, ongoing phishing campaign" is using emails that claim to be from specific officers at the Financial Industry Regulatory Authority, in an attempt to direct investment brokers to give up their Microsoft Office or SharePoint passwords, according to a post on the organization's website.

To enhance the perception that the emails come from a trusted source, attackers are signing off on the messages with names of actual FINRA officers, including Bill Wollman and Josh Drobnyk, according to the authority.

In emails with an attachment, it is usually a PDF file that directs the user to a website, where they are prompted to enter their Microsoft Office or SharePoint password, according to FINRA. FINRA recommends that anyone who may have received one of the fraudulent emails and already entered their password, change it immediately.

While the campaign is not expressly related to new security risks that have emerged in the wake of the coronavirus pandemic, there have been a rash of new email campaigns that use a similar tactic, with attackers masquerading as officials from public health organizations like the World Health Organization.

News URL

https://threatpost.com/attackers-identity-financial-ngo-steal-sharepoint-office-credentials/155502/

#credential #financial #office #sharepoint