The attack dubbed “PhishPoint” by cloud security vendor Avanan demonstrates the craftiness of cybercriminals and the lengths they will go to in order to harvest Office 365 credentials. This latest attack uses several familiar parts of Office 365 to lure potential victims into assuming it's legit.
Here’s how the PhishPoint attack works:
1. The user receives the malicious email – The email contains a link to a SharePoint Online-based document. Like most other phishing attacks, the email creates a sense of urgency.
2. The link directs to SharePoint – Attackers use true-to-form SharePoint Online URLs, which adds credibility and legitimacy to the email and its link, since the user is being directed to a known-good hosting site.
3. Users are shown a OneDrive prompt – The SharePoint file impersonates a request to access a OneDrive file (again, a known cloud entity), with an "Access Document" hyperlink that is actually a malicious URL, as shown below.
4. Users are presented with an Office 365 logon screen – This is where the scam takes place: the cybercriminals harvest the user’s credentials on a very authentic-looking logon page.
PhishPoint marks an evolution in phishing attacks: hackers go beyond email alone and use SharePoint to harvest end users' Office 365 credentials.
Essentially, hackers are using SharePoint files to host phishing links. By inserting the malicious link into a SharePoint file rather than the email itself, hackers bypass Office 365's built-in security, which inspects links in the email but not links inside the hosted file. While this security flaw has since been resolved, incidents like this are a constant reminder that scam artists are always looking for new ways to penetrate your business.
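The gap described above is that link scanning stops at the email, while the malicious "Access Document" link lives one hop further, inside the SharePoint-hosted file. The following added example (not Avanan's or Microsoft's code) shows the defender-side check: pull SharePoint Online URLs out of an email, then inspect the hyperlinks inside the fetched document and flag any that lead off the trusted Microsoft domains. The trusted-domain list and the sample email and document are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a link inside a SharePoint-hosted file is expected to point at.
# Assumption: anything outside these suffixes is treated as off-platform.
TRUSTED_SUFFIXES = ("sharepoint.com", "microsoft.com", "microsoftonline.com",
                    "office.com", "live.com", "onedrive.com")
SHAREPOINT_URL = re.compile(r"https?://[\w.-]+\.sharepoint\.com/\S+", re.I)

def sharepoint_links(email_body):
    """Stage 2 of the chain: SharePoint Online URLs in an email body."""
    return SHAREPOINT_URL.findall(email_body)

def is_trusted_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

class _LinkCollector(HTMLParser):
    """Collects (anchor text, href) pairs from an HTML document."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def offplatform_links(document_html):
    """Stages 3-4: links inside the SharePoint-hosted file that leave the
    trusted Microsoft domains, e.g. an 'Access Document' button that really
    points at a credential-harvesting logon page."""
    parser = _LinkCollector()
    parser.feed(document_html)
    return [(t, h) for t, h in parser.links if h and not is_trusted_host(h)]

# Constructed sample data, not a real campaign artifact.
SAMPLE_EMAIL = ("Urgent: please review the invoice at "
                "https://contoso-my.sharepoint.com/:b:/g/personal/x/doc1 today.")
SAMPLE_DOC = ('<p>A file has been shared with you on OneDrive.</p>'
              '<a href="https://login.example.net/office365">Access Document</a>'
              '<a href="https://contoso.sharepoint.com/help">Help</a>')

if __name__ == "__main__":
    print(sharepoint_links(SAMPLE_EMAIL), offplatform_links(SAMPLE_DOC))
```

In a real pipeline the document HTML would come from fetching the SharePoint URL with an account that has no more than read access; the suffix match deliberately rejects lookalike hosts such as `sharepoint.com.evil.example`.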
How to Protect Yourself
Like many of the phishing incidents we've discussed and seen, these attacks are designed to be visually indistinguishable from legitimate work-related emails.
At IT Solutions we have a number of processes in place to keep your data safe from attacks like this. If you're interested in learning about our advanced security package, talk to your vCIO or contact us today.