These attacks can fool even savvy users because the link points to a legitimate service which lowers their guard. ![]() However, while the link itself is safe, it leads the user towards a harmful action. Since a trusted file share provider is safe, the URL receives no further scrutiny and makes it into the end user’s inbox. ![]() Most anti-malware email security scans look for malicious links. When the user clicks on the malicious link, it redirects to a spoofed Office 365 login screen, which asks them to enter their login credentials, which are then harvested by hackers. However, the ‘Access Document’ button on the file has a hyperlink to a malicious URL. The content of the SharePoint file impersonates a standard access request to a OneDrive file, so everything looks normal. When the user clicks on the link, the browser automatically opens a SharePoint file. The hacker sends a genuine-looking email that points to a file hosted on a legitimate sharing service, most commonly Microsoft’s OneDrive. ![]() We know of several businesses locally that have been affected by this type of attack.Īttackers are now bypassing anti-malware email security scans by embedding malicious links within shared files on SharePoint and other trusted sites like Box, G Suite and Dropbox. There’s a new phishing attack that cyber criminals are using to target Microsoft Office 365 users.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
February 2023
Categories |