Posted on Leave a comment

Hackers Using Microsoft SharePoint Lures For Phishing Campaign.

Microsoft researchers discovered that the hackers are using spoofed sender addresses  through the usual security protections to fool the people on credential harvesting attacks.

The companies security intelligence team has taken up to twitter to post about this campaign details which uses O365 with file sharing feature of SharePoint.

The email entices the victims by disguising as the file-share request from colleague which includes a phishing link which redirects them to Office 365 that requires them to sign in using victim’s legitimate credentials.

The emails contain two URLs that have malformed HTTP headers. The primary phishing URL is a Google storage resource that points to an AppSpot domain that requires the user to sign in before finally serving another Google User Content domain with an Office 365 phishing page,“.

The second URL is embedded in the notifications settings links the victim to a compromised SharePoint site. Both URLs require sign-in to get to the final page, allowing the attack to bypass sandboxes. ” stated by Microsoft.

Leave a Reply