
Phishing scam uses Sharepoint and One Note to go after passwords


Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes.

From BEC, via cloud storage, to an innocent-sounding One Note document, and right into harm’s way.

Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in the hope of avoiding being just one more “unexpected email that goes directly to an unlikely login page” scam.

Ironically, while mainstream websites concentrate on what they call frictionlessness, aiming to get you from A to B as clicklessly as possible, some cybercrooks deliberately add extra complexity to their phishing campaigns.

The idea is to require a few extra steps, taking you on a more roundabout journey before you arrive at a website that demands your password, so that you don’t leap directly and suspiciously from an email link to a login page.

Here’s the phish unravelled so you can see how it works.

Stages of attack

First, we received an innocent-looking email:

This one really did come from where it claimed: the proprietor of a perfectly legitimate UK engineering business, whose email account had evidently been hacked.

We didn’t know the sender personally, but we’re guessing he was a Naked Security reader and had corresponded with us in the past, so we appeared in his address book along with hundreds of other people.

We assume that many of the recipients corresponded with the sender regularly and would not only be inclined to trust his messages but would also expect attachments relating to business and projects they’d been discussing.

