We recommend using the indicators above to block the delivery of this threat, find associated emails that have already been delivered, and remove them from user inboxes. The phishing lure purports to use a OneDrive excel document that would be accessible by clicking a link. However, emails have been observed originating from a mailserver at 31.7.59.82.Ĭurrently, we have not observed any malicious attachments associated with this campaign. HXXps://logincom:8081/officeįile “ Q4 Report – Dec19 (1).xlsx” Has Been Shared With You. However, the payload of the lure is the following link: The threat actor uses the credibility of a commonly seen business process, which disarms the victim. The lure itself is nothing special the themes, brand impersonation, and social engineering tactics present are well known in the industry. In this attack, more than a million Google Docs users were impacted by the phishing scheme that led to the threat actor gaining full access to email accounts and their contacts. This attack is similar to the one Google resolved in 2017, where a threat actor abused the Google Docs application feature. In this technique, the attacker sends a traditional phishing message impersonating an internal SharePoint and OneDrive file-share that uses social engineering to coerce the victim into clicking an embedded link. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.
Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. Security Awareness Training – Decrease risk with continuous behavioral improvement.Suspicious Email Analysis – Protect against threats that reach user inboxes.Data Leak Protection – Monitor and detect sensitive data leaks.
0 kommentar(er)
