Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Phishers Using Fake Sharepoint Messages to Target Office 365 Details
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Phishers Using Fake Sharepoint Messages to Target Office 365 Details

6 years ago David Bisson
Phishers Using Fake Sharepoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials.

Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint.

To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as Sharepoint. They also didn’t address the email to a single employee but included multiple mentions of the targeted company.

Screenshot of attack email (Source: Abnormal Security)

The malicious actors used those tactics in the hope that at least one employee would fall for the phish and click on the “View xx Documents” hyperlink.

Once clicked, that link used a series of redirects to send the recipient to a landing page disguised to look like a secure Sharepoint file. It also employed Sharepoint and Microsoft branding to convince the user that it was safe to submit their credentials in order to view the file.

Alternatively, the landing page prompted the user to download a PDF document that then redirected them to another malicious site.

Abnormal Security put the risks of this campaign into context:

If the recipient falls victim to this type of attack, their credentials are compromised, as well as any data stored on their account. This places employees and their networks at considerable risk as attackers can launch internal attacks to steal more credentials and information from the organization.

This wasn’t the first time that Sharepoint played some role in nefarious individuals’ efforts. Back in September 2019, for instance, security researchers spotted a phishing campaign that used SharePoint to bypass email gateway and other perimeter technologies. It was less than a year later when security analysts found that attackers were using fake emails from Sharepoint as well as exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube in order to phish passwords.

These attack attempts highlight the need for organizations to defend themselves against a phishing attack. They can do so by educating their users about some of the most common types of phishing campaigns in circulation today.

 

 

The post ” Phishers Using Fake Sharepoint Messages to Target Office 365 Details” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Encryption, Exploit, Microsoft, Phishing, TripWire

Continue Reading

Previous QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Next Why is smartphone security so important?

More Stories

  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

2 days ago [email protected] (The Hacker News)

Recent Posts

  • FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
  • Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
  • CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
  • Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
  • Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT