Kaspersky Lab experts have identified a new phishing scheme using SharePoint servers that allows attackers to steal logins and passwords for various mail accounts, including Yahoo!, AOL, Outlook, Office 365. The company told socialbites.ca about this.
The program is aimed at employees of companies around the world, including in Russia. Attackers send phishing link notifications on behalf of SharePoint, a collaborative software that bypasses spam filters and is unmistakable, especially if it’s customary in a company to use this app on a daily basis. Over the past winter, Kaspersky Lab experts have detected more than 1,600 such emails.
According to experts, this is precisely the main danger of the scheme – attackers not only hide the phishing link on the SharePoint server, but also distribute it using the built-in notification sending mechanism. This is possible because Microsoft provides the ability to share a file on a corporate SharePoint server with external participants in the workflow who do not have direct access. To do this, attackers simply need to gain access to someone’s SharePoint server using a similar phishing trick.
When the recipient clicks the link, they are taken to the SharePoint server where the OneNote file actually opened. However, inside this file it looks like another notification and contains a large icon that the buyer perceives as an additional step to download the data. In fact, he’s the one who turned out to be phishing.
“This phishing scheme is dangerous because the notifications come from a legitimate service of a real company. However, in this case there are red flags. Firstly, it is unknown who shared the file (it is better not to open files from strangers), it is unknown what kind of file it is (legitimate recipients as a rule) They explain what they’re posting and why.) The download link for the file redirects to a third-party site not related to the victim’s organization or SharePoint. The file is allegedly on a SharePoint server and the site is emulating OneDrive – these are two different Microsoft services, ”says Kaspersky Lab. and spam analysis specialist Roman Dedenok.
Formerly socialbites.ca saidA vulnerability has been discovered in Microsoft Outlook that allows passwords to be stolen with just one email.