
Phishing scam imitates SharePoint & OneNote for nefarious clicks

08 Sep 2020

Phishing scams continue to play on the popularity of remote working and collaboration tools, as scammers seek to take advantage of unwitting victims.

A recent report from Sophos describes one of the latest tactics: a phishing chain built around the collaboration platforms SharePoint and OneNote.

Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.

The scam starts with an email that really does come from a genuine company, but one whose mailbox has most likely been compromised. Because the message comes from a ‘genuine’ sender, it is more likely to succeed: the intended victims trust a known sender more than they would trust a stranger.

The email contains an attachment that asks victims to use SharePoint to access a OneNote file. 

“The SharePoint link you’re expected to click to access the OneNote file does look suspicious because there’s no clear connection between the sender’s company and the location of the OneNote lure. But the sender’s business relates to construction, and the domain name in the SharePoint link apparently refers to a building company, so the link is at least plausible,” Sophos researchers note.

When victims open the OneNote file, it contains a link that takes them to a fake login page. In one case, the login page was hosted on a hacked WordPress site.

The login page is supposed to tempt users into entering their details to access an Excel file. Those who enter their details then hand their information over to the attackers.
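The researchers’ observation above, that there is no clear connection between the sender’s company and the SharePoint site hosting the lure, can be checked mechanically. The following is an added example, not Sophos’ code and not part of the report: it parses an email, pulls URLs out of every text part (including an HTML attachment, which is where this lure lives), and flags any `<tenant>.sharepoint.com` link whose tenant name does not resemble the sender’s organisation. The sample message, its hostnames and the `.example` domains are constructed for the demonstration; the “sender org is the second-level label of the From: domain” rule is a simplification (it has no public-suffix list, so `acme.co.uk` would yield `co`).

```python
"""Flag SharePoint/OneDrive links whose tenant does not match the sender's organisation.

Added example; not Sophos' code. Assumptions: sender org = second-level label of the
From: domain; SharePoint tenant = first label of <tenant>.sharepoint.com or
<tenant>-my.sharepoint.com. Sample email and hostnames are constructed.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

# Constructed sample modelled on the lure described in the article: a message from a
# (compromised) construction-company mailbox whose HTML attachment points at a
# SharePoint site that belongs to an unrelated company.
SAMPLE_EML = """\
From: Dave Hopkins <dave@northwall-build.example>
To: victim@example.com
Subject: Dave shared "Site survey" with you
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dave has shared a OneNote notebook with you. Open the attachment to view it.

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="SharedDocument.html"

<html><body>
<a href="https://ridgeline-construction.sharepoint.com/:o:/g/personal/notes/Site_Survey">Open in OneNote</a>
<a href="https://northwall-build.example/contact">Our website</a>
</body></html>

--b1--
"""


def org_label(domain):
    """'northwall-build.example' -> 'northwall-build' (simplified: no public-suffix list)."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def sharepoint_tenant(host):
    """Tenant label for <tenant>.sharepoint.com / <tenant>-my.sharepoint.com, else None."""
    host = host.lower()
    suffix = ".sharepoint.com"
    if not host.endswith(suffix):
        return None
    tenant = host[: -len(suffix)]
    return tenant[:-3] if tenant.endswith("-my") else tenant


def _norm(label):
    return re.sub(r"[^a-z0-9]", "", label.lower())


def tenant_matches_org(tenant, org):
    """Loose comparison after stripping punctuation: equal, or one is a prefix of the other."""
    t, o = _norm(tenant), _norm(org)
    return bool(t) and bool(o) and (t == o or t.startswith(o) or o.startswith(t))


def extract_urls(msg):
    """Collect URLs from every text/* part, attachments included (the lure is an HTML file)."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        urls.extend(URL_RE.findall(part.get_content()))
    return urls


def scan(raw_eml):
    """Return one finding per URL: 'ok', 'external', or 'tenant-mismatch'."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    sender_domain = parseaddr(str(msg["from"]))[1].rpartition("@")[2].lower()
    org = org_label(sender_domain)
    findings = []
    for url in extract_urls(msg):
        host = (urlparse(url).hostname or "").lower()
        tenant = sharepoint_tenant(host)
        if tenant is None:
            verdict = "ok" if host == sender_domain or host.endswith("." + sender_domain) else "external"
        elif tenant_matches_org(tenant, org):
            verdict = "ok"
        else:
            verdict = "tenant-mismatch"
        findings.append({"url": url, "host": host, "tenant": tenant, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EML):
        print(f"{f['verdict']:16} {f['url']}")
```

A `tenant-mismatch` verdict is a triage signal, not proof of phishing: legitimate business partners share from their own tenants all the time, which is exactly why this lure is plausible. It is most useful combined with the advice below (a SharePoint link arriving from a partner is normal; a login prompt at the end of that link is not).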

Sophos principal research scientist Paul Ducklin provides a few pointers:

  • Don’t click login links that you reach from an email. That’s an extension to our usual advice never to click login links that appear directly in emails. Don’t let the crooks distract you by leading you away from your email client first to make their phishing page feel more believable when you get there. If you started from an email, stop if you hit a password demand. Find your own way to the site or service you’re supposed to use.
  • Keep your eyes open for obvious giveaways. As we’ve said many times before, the only thing worse than being scammed is being scammed and then realising that the signs were there all along. Crooks don’t always make obvious mistakes, but if they do, make sure you don’t miss them.
  • If you think you put in a password where you shouldn’t have, change it as soon as you can. Find your own way to the official site of the service concerned, and log in directly. The sooner you fix your mistake, the less chance the crooks have of getting there first.
  • Use 2FA whenever you can. Accounts that are protected by two-factor authentication are harder for crooks to take over because they can’t just harvest your password and use it on its own later. They need to trick you into revealing your 2FA code at the very moment that they’re phishing you.