According to the latest security research, a new phishing campaign has come to light. The campaign abuses SharePoint files that carry malicious links and is affecting almost every tenth Office 365 user worldwide. The finding was reported after the campaign had been observed for the past two weeks.
Dubbed PhishPoint, the new phishing campaign abuses SharePoint to collect end-user credentials. The attackers insert malicious links directly into SharePoint files in order to attack Office 365 users.
Victims receive emails containing an invitation to open a SharePoint document or file. The format of the email is similar to a standard SharePoint invitation, which makes it look genuine. When the victim clicks the document, the browser automatically opens the file, which in turn initiates a standard SharePoint request to fetch a OneDrive file. The file includes a malicious hyperlink labeled "Access Document".
Once you click that link, you are automatically redirected to an Office 365 login screen, and any credentials you enter there are immediately stored on the threat actor’s servers. Office 365 scans all links in emails and blocks suspicious ones immediately, but that does not help here because the links in the email lead to an actual SharePoint document.
Put another way, the company’s security protocol for detecting blacklisted or already discovered malicious links only goes skin-deep. It cannot establish the authenticity of the links shared inside SharePoint files. This is a serious issue because it cannot be easily fixed, so pay close attention to the files you access and the links they include.
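The gap described above, shown as an added example that is not part of the original article: the same blocklist check is run once over the email's own links and once over the links inside the shared file. The hosts, blocklist entry, document HTML and function names are constructed for illustration and are not indicators from the campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (hypothetical hosts, not real indicators).
BLOCKLIST = {"login.phish.example"}
EMAIL_LINKS = ["https://contoso.sharepoint.com/:b:/s/team/invoice"]
SHARED_DOC_HTML = """
<html><body>
  <p>A file has been shared with you.</p>
  <a href="https://login.phish.example/office365">Access Document</a>
  <a href="https://contoso.sharepoint.com/help">Help</a>
</body></html>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible label) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def blocked(url):
    """True when the URL's host is on the blocklist."""
    return (urlsplit(url).hostname or "").lower() in BLOCKLIST

def scan_email_only(email_links):
    """Skin-deep check: only the URLs present in the message itself."""
    return [u for u in email_links if blocked(u)]

def scan_linked_document(doc_html):
    """Deeper check: apply the same blocklist to links inside the shared file."""
    parser = AnchorCollector()
    parser.feed(doc_html)
    return [(u, label) for u, label in parser.links if blocked(u)]

if __name__ == "__main__":
    print("email-only scan:", scan_email_only(EMAIL_LINKS))
    print("document scan:  ", scan_linked_document(SHARED_DOC_HTML))
```

The email-only scan returns nothing because the message links to a genuine SharePoint host, while the document scan flags the "Access Document" link even though the blocklist is identical.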