

According to a recent blog post, there’s a new phishing campaign where the scammers are taking advantage of a small but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe. This new attack has impacted an estimated 10% of Office 365 users worldwide.

As reported in Bitdefender (The Underrated Importance of Training Your Staff to Spot Devious Phishing Attacks, written by Filip Truta, and covered by Sharon Nelson’s excellent Ride the Lightning blog), PhishPoint, as the campaign is dubbed, has a variant that most other phishing scams don’t: it goes beyond email and uses SharePoint to harvest end-users’ credentials.

- Victim receives an email containing a link to a SharePoint document.
- The email body is identical to a standard SharePoint invitation to collaborate.
- Victim clicks the hyperlink in the email, thinking it is a legitimate work document.
- Victim’s browser automatically opens a SharePoint file.
- The SharePoint file impersonates a standard access request to a OneDrive file.
- Victim clicks the “Access Document” hyperlink, which leads to a spoofed Office 365 login screen.
- Victim attempts to log in, at which point their credentials are harvested by the PhishPoint authors.

Exploited properly, the scam can easily lead to a catastrophic data breach. While Microsoft’s link-scanning security layer does sniff out malicious links in the body of an email, it does not scan the links inside a linked SharePoint document. Even if it did, it still couldn’t blacklist a malicious URL inside the document without blacklisting links to all SharePoint files. Researchers feel this is a dangerous oversight.

Stolen corporate domain usernames and credentials are in high demand on the dark web and in underground specialized forums. As more and more organizations move to cloud-based solutions, phishers are adjusting their techniques to steal credentials via existing attack tools, such as phishing kits. These phishing kits are usually stored on legitimate-but-compromised websites and are linked to in generic communications. Fake invitations to files hosted on SharePoint Online, outstanding payments for Office 365 subscriptions, or notices of upcoming account termination are the most common lures used to persuade victims into giving away their credentials. And since the messages aren’t branded with the visual identities of specific companies, these campaigns likely target a wide pool of organizations, not just a few select companies. Some of the phishing kits even have their own defense mechanisms that enable them to fly under the radar and avoid blacklisting.

The post also provides several recommendations to avoid getting caught by phishing scammers, including hovering your mouse cursor over a hyperlink to make sure the link actually goes to the site it claims to be, being wary of any unsolicited or uncharacteristic requests to input your credentials, and using two-factor authentication on every site that offers it, among others. These phishing scammers can be very clever and can even mimic people from within your own organization to make you think you’re clicking on a link provided by a co-worker. One thing we have done at CloudNine to help identify those is to mark any emails coming from an external source with an “*** External Email ***” marker inserted into the received email to help recipients identify those phishing instances. The battle against malware scammers continues.

So, what do you think? Do you have any mechanisms your organization uses to spot phishing attempts that you would like to share? Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide, including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine.
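The two defensive checks this post recommends, looking at where a link really goes rather than what its text claims (the hover check, done automatically here) and tagging mail that arrives from outside the organization with the “*** External Email ***” marker, as an added Python example that is not part of the original post or of CloudNine’s tooling. The sample lure, the placeholder .test domains, the internal-domain list and the choice to put the marker in the subject line are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from email.utils import parseaddr
EXTERNAL_TAG = "*** External Email ***"  # the marker named in the post

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    # Bare domains get a scheme so urlparse yields a hostname; '' if there is none.
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()

def mismatched_links(html_body):
    """Automated 'hover over the link' check: return (href, text) pairs whose
    visible text is a URL or domain on a different host than the href opens."""
    collector = _LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        # Only text that itself looks like a URL or domain can make a false claim.
        if "." in text and " " not in text and _host(text) != _host(href):
            flagged.append((href, text))
    return flagged

def tag_external_subject(subject, from_header, internal_domains):
    """Prepend EXTERNAL_TAG unless the From domain is one of ours. Assumption:
    the marker goes in the subject; the post only says 'into the received email'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain and domain in {d.lower() for d in internal_domains}:
        return subject
    return f"{EXTERNAL_TAG} {subject}"

# Constructed sample lure (placeholder .test domains): visible text looks like SharePoint, href opens elsewhere.
SAMPLE_HTML = ('<p>A document has been shared with you.</p>'
               '<a href="https://files.example-storage.test/doc">https://contoso.sharepoint.test/invoice.docx</a>'
               ' <a href="https://contoso.sharepoint.test/sites/finance">Open in SharePoint</a>')
```

A sender that spoofs a colleague’s display name but mails from an outside domain still gets the marker, because the decision uses the address, not the name.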
