Tuesday, July 28, 2020

beware of SharePoint phishing attacks


Don Sharpe

Spoofed SharePoint email attack

If you’re a Microsoft 365 user, chances are you’ve used SharePoint to share and manage official documents and content.

The app, which recently received a Yammer integration update, comes in handy when you need to remotely collaborate on business files. Sadly though, threat actors know this too. So they’re now sending spoofed SharePoint emails to unsuspecting employees as part of a phishing campaign.

Microsoft 365 user credentials targeted in phishing attacks

The folks at Abnormal Security uncovered a phishing campaign that targets corporate SharePoint users. Unfortunately, the end game for the attackers is to collect unsuspecting users’ Microsoft 365 credentials.

They start by sending spoofed SharePoint emails addressed to no specific person. By not naming any individual as the recipient, the threat actors aim at tricking as many victims as possible into supplying their Microsoft 365 login details.

This attack impersonates an automated message from Sharepoint to send phishing emails. The email itself is not addressed to any specific individual, and is meant to cast a wide net to phish for employees credentials.

However, unlike previous similar attacks, this phishing campaign doesn’t create any sense of urgency to get the target to act quickly.

According to Abnormal Security, the attackers designed the phishing emails to appear to originate from within the target organization.

As you may expect, each email has a malicious link. And if you click on the link, you end up on a fake Microsoft 365 landing page. The link may take the user to a PDF download page that redirects to another site, in other cases.

Whichever way the link goes, the user ends up on a site that requires Microsoft 365 security credentials to sign in.

Phishing attacks targeting the users of Microsoft 365 or other cloud-based or on-premises computing tools are a persistent cybersecurity issue. Be sure to guard your IT systems with all you’ve got, from antivirus solutions to Microsoft Defender ATP.

For any cybersecurity-related problem or question, write us a message in the comments box below.


and

If you are looking for a cheap and genuine microsoft product key, warranty for 1 year.
It will be available at the link: https://officerambo.com/shop/
Microsoft Windows Embedded 8.1 Industry Pro : https://officerambo.com/product/windows-embedded-8-1/
Key Windows 7 Professional / Home Base / Home Premium (2 USER) : https://officerambo.com/product/key-windows-7/
Microsoft Windows 8.1 PRO (2 PC) : https://officerambo.com/product/microsoft-windows-8-1-pro/
Windows Server 2012 R2 : https://officerambo.com/product/windows-server-2012-r2/
Visual Studio Enterprise 2019 : https://officerambo.com/product/visual-studio-enterprise-2019/
Windows Server Standard / Datacenter / Essentials : https://officerambo.com/product/windows-server-all-version-standard-datacenter-essentials/
Microsoft Office Professional Plus for Windows : https://officerambo.com/product/microsoft-office-professional-plus-for-windows/
Microsoft Office Home and Student for Windows : https://officerambo.com/product/microsoft-office-home-and-student/
Key Microsoft Access 2016 : https://officerambo.com/product/key-microsoft-access-2016/
Microsoft Visio Professional : https://officerambo.com/product/microsoft-visio-professional/
Microsoft Project Professional : https://officerambo.com/product/microsoft-project-professional/
Account Microsoft Office 365 Profestional Plus 2020 Update For 5 Devices : https://officerambo.com/product/account-microsoft-office-365/
Key Microsoft Windows 10 Profestional / Profestional N : https://officerambo.com/product/key-microsoft-windows-10/
Key Microsoft Windows XP Pro : https://officerambo.com/product/key-microsoft-windows-xp-pro/
Microsoft Office Home and Business for Mac : https://officerambo.com/product/microsoft-office-home-and-business-for-mac/

No comments:

Post a Comment