On August 27, Doug Austin of CloudNine featured the Ride the Lightning (RTL) blog post “New Phising Attacks Impacts 10% of Office 365 Users” in his own post. His blog post, “New Phishing Scam Goes After Office 365 Users: Cybersecurity Trends” is featured in CloudNine’s eDiscovery Daily Blog. CloudNine is a legal intelligence technology company with deep expertise in the analysis, processing, and review of electronically stored information (ESI). Ride the Lightning is an electronic evidence and cybersecurity blog by Sensei’s Sharon Nelson.
Excerpt: According to a recent blog post, there’s a new phishing campaign where the scammers are taking advantage of a small, but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe. This new attack has impacted an estimated 10% of Office 365 users worldwide.
As reported in Bitdefender (The Underrated Importance of Training Your Staff to Spot Devious Phishing Attacks, written by Filip Truta, and covered by Sharon Nelson’s excellent Ride the Lighning blog), PhishPoint, as the campaign is dubbed, has a variant that most other phishing scams don’t: it goes beyond email and uses SharePoint to harvest end-users’ credentials.