Distract victims by leading them through multiple platforms until they lose caution and become trusting enough to supply login credentials!

With a revolution in remote working, collaborative tools such as SharePoint and OneNote are now more useful than ever. However, this has also presented more opportunities for cybercriminals to target remote workers. 

A recent phishing scam used SharePoint and OneNote platforms to go after passwords. Instead of simply spamming out a clickable link to as many people as possible, the cybercrooks used more devious, contrarian techniques, presumably in the hope of avoiding being just one of the ‘unexpected email that goes directly to an unlikely login page’ scams.

Cunning multi-step distractions

The method injects a few extra steps into a typical scam, taking the victim on a more-roundabout journey before being led to slaughter.

Instead, the victim is presented with a Sharepoint link, which leads to a One Note link that supposedly contains a PDF file. Only when one clicks on the Review Document button does the fake login page show up— three steps removed from the original email, complete with animated imagery suggestive of Office 365.

Precautions to adhere to

According to Sophos’ Principal Research Scientist Paul Ducklin the following practices can help companies stay secure:  

• Abstain from clicking click login links that you reach from an email by anyone, even trusted contacts. 
• Keep your eyes open for obvious giveaways—Be cautious if any email behavior leads you away from the email client to any login page. Stop everything if you hit a password demand. 
• Change your password immediately if you fell for a scam. Find your own way to the official site of the service concerned, and login directly. The sooner you fix your mistake, the less chance the crooks have of getting there first. 
• Use 2FA or MFA whenever you can. 

Finally, train and condition staff to handle simulated phishing-like attacks so they can learn better!