Security News > 2021 > October > Phishing attack exploits Craigslist and Microsoft OneDrive

Phishing attack exploits Craigslist and Microsoft OneDrive
2021-10-26 16:14

That's true of a new phishing campaign that uses both Craigslist and OneDrive to trick people into installing malware.

Clicking on a button in the email was supposed to take people to a form document that had been uploaded to an actual Microsoft OneDrive site.

The phishing messages themselves came from a Craigslist domain and an authentic Craigslist IP address.

Since Craigslist didn't intend to send these emails, Inky believes the site may have been compromised, especially since the users were specifically targeted.

Further, the attackers used a legitimate Microsoft OneDrive site, impersonated DocuSign to give the operation an air of authenticity and flashed Norton and Microsoft logos to lend additional credibility to the message and the resulting form.

In the campaign described by Inky, it makes no sense that a Craigslist problem would be resolved through a document uploaded to OneDrive.


News URL

https://www.techrepublic.com/article/phishing-attack-exploits-craigslist-and-microsoft-onedrive/#ftag=RSS56d97e7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4584 4638 3637 13646