

A new SharePoint phishing scam has been detected which attempts to steal Office 365 credentials from business users. The scam emails used in this campaign are similar to those used in countless Google Docs phishing scams. The messages appear at face value to be genuine attempts by employees and contacts to collaborate through the sharing of files.

Most of these scams are concerned with spreading malware. The documents usually contain malicious macros which download the malware payload if allowed to run. JavaScript and VB scripts are also used to achieve that aim. However, due to the value of Office 365 accounts, hackers are increasingly conducting attacks to gain access to Office 365 credentials. Those credentials are subsequently used to gain access to sensitive company information stored in the cloud, and to email accounts which can be used in phishing and business email compromise attacks.

The latest scam uses messages that appear to be standard requests to collaborate on SharePoint. This SharePoint phishing scam includes a hyperlink to a genuine SharePoint document, which may not be flagged as malicious since the file itself does not contain malware. The SharePoint file advises the user that the content they are looking for has been uploaded to OneDrive for Business and that a further click is necessary to access the file.
