What’s the matter?
Researchers from Cofense spotted a new phishing campaign that uses SharePoint sites to bypass secure email gateways and target banks with phishing URLs.
“Using enterprise services like SharePoint almost guarantees the phishing URL will be delivered to the intended target,” researchers said.
How does this campaign work?
Phishing emails disguised as proposal documents are sent to the banking targets from a compromised account.
“The phishing page is a cheap imitation of the OneDrive for Business login portal. There the recipient is given two options to authenticate: with O365 login credentials or credentials from any other email provider. We see this tactic quite often, as it increases the chances that the recipient will log in,” the researchers explained.
Cofense researchers also identified a phishing exploit kit in this campaign. The exploit kit is part of a series of “hacking tools” built and sold by BlackShop Tools.
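Because the link sits on a genuine sharepoint.com host, a check on domain reputation alone will pass it; a defender can look at which SharePoint tenant the link belongs to instead. The sketch below is an added example, not code from Cofense or from the campaign: the function names, the trusted-tenant allow-list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SUFFIX = ".sharepoint.com"

def sharepoint_tenant(url):
    """Return the tenant label of a *.sharepoint.com URL, or None if not SharePoint."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:              # malformed authority, e.g. a broken IPv6 literal
        return None
    if not host.endswith(SUFFIX):   # rejects look-alikes such as x.sharepoint.com.evil.example
        return None
    label = host[: -len(SUFFIX)]
    # OneDrive for Business personal sites live on <tenant>-my.sharepoint.com
    return re.sub(r"-my$", "", label)

def untrusted_sharepoint_links(raw_message, trusted_tenants):
    """List (url, tenant) pairs for SharePoint links outside the allow-list (assumed policy)."""
    msg = message_from_string(raw_message, policy=default)
    found = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            tenant = sharepoint_tenant(url)
            hit = (url, tenant)
            if tenant and tenant not in trusted_tenants and hit not in found:
                found.append(hit)
    return found

# Constructed sample message; addresses and tenant names are placeholders.
SAMPLE = """\
From: partner@vendor.example
To: analyst@bank.example
Subject: Proposal for review
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please review the attached proposal:</p>
<a href="https://constructedtenant-my.sharepoint.com/personal/doc">Open proposal</a>
<a href="https://bankexample.sharepoint.com/sites/finance">Intranet</a>
"""

if __name__ == "__main__":
    for url, tenant in untrusted_sharepoint_links(SAMPLE, {"bankexample"}):
        print(f"review: link to unlisted SharePoint tenant '{tenant}': {url}")
```

A hit is a reason to hold the message for review rather than a verdict, since legitimate partners also share files from their own tenants.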