Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Office 365 Targeted in New Phishing Attack

August 16, 2018

Office 365 is enjoying great success and growth. One of the downsides to being popular is the huge target on your back, making you subject to attack. It's happened to Facebook, Microsoft, Apple and many others. Several months ago, the bad guys figured out a way to get around protection schemes in Office 365 by splitting up the URL. Microsoft fixed that problem, but there is a new attack on Office 365 users. A new campaign called "PhishPoint" is spreading to victims via emails that contain a SharePoint document and an invitation to collaborate. The bad news is that the message contains a malicious URL that snatches end users' credentials.

After the user clicks the hyperlink in the email, the victim's browser automatically opens a SharePoint file whose content impersonates a standard access request to a OneDrive file. The user sees a spoofed Office 365 login screen, where their credentials are harvested. Once the credentials are captured, the user is redirected to a legitimate Office site, none the wiser.

Researchers stated, "The crux of this attack is that Microsoft link-scanning only goes one level deep, scanning the links in the email body, but not within files hosted on their other services, such as SharePoint."
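The gap the researchers describe can be shown with a small scanner; this is an added example, not code from the original post or from Microsoft. It compares a scan of the email body only (one level) with a scan that also inspects the hosted file the email links to. The hostnames, the allowlist and the sample content are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample data: an email body and the content of the file it links to.
EMAIL_BODY = "Jane shared a file with you: https://contoso.sharepoint.example/doc1"
HOSTED_CONTENT = {  # stands in for fetching each URL, so the example runs offline
    "https://contoso.sharepoint.example/doc1":
        'Access request. <a href="https://login.phish.example/o365">Access Document</a>',
}
TRUSTED_SUFFIXES = ("sharepoint.example", "office.example")  # assumed allowlist

URL_RE = re.compile(r'https?://[^\s"\'<>]+')

def is_trusted(url):
    """True when the URL's host is an allowlisted domain or a subdomain of one."""
    host = urlparse(url).hostname or ""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def fetch_offline(url):
    """Return the constructed content for a URL, or None if there is none."""
    return HOSTED_CONTENT.get(url)

def scan(text, fetch, max_depth):
    """Return (depth, url) for untrusted links found within max_depth levels."""
    findings, seen = [], set()
    frontier = [(u, 1) for u in URL_RE.findall(text)]
    while frontier:
        url, depth = frontier.pop(0)
        if url in seen:
            continue
        seen.add(url)
        if not is_trusted(url):
            findings.append((depth, url))
            continue  # report it, never fetch untrusted content
        if depth < max_depth:
            body = fetch(url)
            if body:
                frontier += [(u, depth + 1) for u in URL_RE.findall(body)]
    return findings

if __name__ == "__main__":
    print("email body only:", scan(EMAIL_BODY, fetch_offline, 1))
    print("body + hosted file:", scan(EMAIL_BODY, fetch_offline, 2))
```

The one-level scan reports nothing because the only link in the email points at trusted hosting; the link to the spoofed login page appears only when the hosted file itself is inspected.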

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com