Microsoft Security Intelligence has discovered attackers are using spoofed sender addresses to send fake SharePoint requests to trick Microsoft users into giving login credentials.
These attacks are overwhelmingly targeted at organisations and have been described as a “sneakier than usual” phishing campaign by the Microsoft division.
The campaign spoofs sender details to evade email filters and convince users they are being emailed by a colleague.
The target will receive an email, seemingly from a work colleague, containing a file share request that links to a phishing page. A page that impersonates Office 365 and asks the user to sign with their legitimate credentials, which are then stolen.
These emails are more believable as they include some form of legitimate-looking business content, like staff reports or price books, according to researchers.
SharePoint is an extremely popular target for cybercriminals looking to phish or extort due to its popularity amongst businesses. Spoofing SharePoint’s file-sharing capability is extremely effective at tricking victims into revealing credentials.
This phishing campaign is another addition to the massive number of scams that seek to trick Microsoft users. Microsoft in 2020 was the most impersonated company globally by cybercriminals, meaning if your business is operating via Microsoft, it’s critical you invest in educating your staff about cyber security risks.
Image Credit: Adobe Stock