Phishing Campaign Dangles SharePoint File-Shares

2021-08-04 14:44

Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is "Sneakier than usual" and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered.

Microsoft Security Intelligence researchers discovered the campaign targeting organizations that use Microsoft Office 365 by using the file-sharing aspect of SharePoint, they revealed in a tweet on Tuesday.

The campaign spoofs display sender addresses that contain the target usernames and domains, as well as display names "That mimic legitimate services to try and slip through email filters," researchers said.

Which is popularly used by phishing campaigns for spoofing and typosquatting, they noted on Twitter.

Other clues to the malicious intent of the campaign are found in its use of URLs that lead potential victims to the phishing page for entering their credentials, according to researchers.

Researchers provided a query string on GitHub that can be run through Microsoft 365 Defender to flag any emails from the campaign that may have slipped past other gateways, they said.

News URL

https://threatpost.com/phishing-sharepoint-file-shares/168356/

#phishing #sharepoint