Image

Image

The phishing page is a cheap imitation of the OneDrive for Business login portal. There the recipient is given two options to authenticate: with O365 login credentials or credentials from any other email provider. We see this tactic quite often, as it increases the chances that the recipient will log in.Further analysis by Salvia and his fellow researchers revealed that the campaign used login.php to post credentials stolen from the phishing page to [@]gmail[.]com, another compromised account. By using SharePoint, malefactors empowered their campaign to evade most email perimeter technologies. It's therefore not surprising that this isn't the first instance in which phishers have used SharePoint. In fact, digital criminals are increasingly turning to SharePoint as a malware infiltration technique to steal users' Office 365 login credentials. This campaign highlights the importance of organizations taking steps to protect themselves against a phishing campaign. One of the best ways they can do this is by educating their employees about some of the most common types of phishing attacks in circulation today. Here's a great place to start.