silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,154
Read more below:Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages.
The attackers take advantage of the fact that the domains used by Microsoft's SharePoint web-based collaborative platform are almost always overlooked by secure email gateways which allows their phishing messages to regularly reach their targets' inboxes.
The emails sent as part of this new phishing campaign are delivered from compromised accounts and will ask the targets to review a legal assessors proposal via an URL embedded within the message as Cofense Cyber Incident Response researchers discovered.
"SharePoint is the initial delivery mechanism to deliver a secondary malicious URL, allowing the threat actor to circumvent just about any email perimeter technology," found Cofense.
This URL links to an attacker-controlled SharePoint site created using a hacked account hosting a maliciously crafted OneNote document designed to be illegible and asking the targets to download the full version via an embedded link which actually sends the bank employees to the phishing page.
Hacked SharePoint Sites Used to Bypass Secure Email Gateways
Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages.
www.bleepingcomputer.com
Phishing Emails Using SharePoint Slip Past Gateway | Cofense
Symantec's gateway is not foolproof. Learn how phishing emails using SharePoint managed to slip past and attack banks.
cofense.com