• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Data Breach » Hacked SharePoint Site Used to Phish Office 365 Credentials

Hacked SharePoint Site Used to Phish Office 365 Credentials

2019-09-05 by Michelle Dvorak

SharePoint Phish-Office Credentials

Hacked SharePoint Sites Are Being to Launch Phishing Email Attacks – Targets Banks

Hacked Microsoft SharePoint sites are being used to send phishing emails that beat most spam filters. Hackers are targeting financial services organizations mostly in the UK with this cyber attack. Cyber security researchers at Codefense discovered the phishing campaign designed to steal Office 365 credentials. Hackers use SharePoint, a content management system integrated with Microsoft Office 365, along with malicious emails to target British financial sector businesses. If a recipient clicks on the link in the initial email, they are sent to a compromised SharePoint site. The hacked site prompts the victim to review a OneNote document but attempting to download it sends the victim to a login credentials phishing page.

Common Hacked Passwords
Common Hacked Passwords

Because the embedded URL in the first email links to a SharePoint account and the email doesn’t contain malware or any suspicious attachments, it bypasses security checkpoints and spam filters.

Image Credit: Codefense Hacked SharePoint Site

SharePoint Phishing Campaigns – How it Works

The initial email comes from a compromised SharePoint account (independentlegalassessors.co.uk) which belongs to Independent Legal Assessors, a legitimate London based legal services firm.
The phishing emails contain typical office communications about legal issues, billing, or invoices. Recipients of the email are prompted to review legal information by clicking on a link to a SharePoint site. If the reader clicks on the link, it sends the reader to a compromised SharePoint site that contains a malicious OneNote document. The document is illegible and prompts the reader to download it by clicking on another URL. Attempting to download the document sends the victim to a spoofed OneDrive for Business site that functions as a credential phishing page. Victims are prompted to login with either Office 365 credentials or another username and password.

What is SharePoint?

SharePoint is an online content management system for businesses launched in 2001. It integrates with Microsoft Office. There are over 190 million users and 200,000 business customers. SharePoint is available in 47 languages. Although it is primarily a document storage and management system it is highly customizable. SharePoint users can belong to 5000 different groups likewise each group can have up to 5,000 users. There can be up to 10,000 groups in a site collection.

SharePoint Phishing Page
Image Credit: Codefense SharePoint Phishing Page

Phishing Attacks – How to Protect Against Them

Cybercriminals and hackers are increasingly using online content management systems such as Google Docs, Dropbox, SharePoint, and other business tools to launch phishing and malware attacks.

  • To protect against phishing attacks, users should consider implementing two-factor Authentication (2FA) for their online accounts if you’re not familiar with 2FA see our guide on how to factor Authentication can help you secure and protect login credentials
  • Businesses and individuals can also use an up-to-date anti-virus software to protect all electronic devices
  • Account passwords should be changed regularly, and the same password should not be used across multiple accounts.
  • Avoid using passwords and the annual most common password list.
How to Enable 2FA
How to Enable 2FA

Filed Under: Data Breach Tagged With: phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version