Recently, a phishing campaign discovered targeting Office 365 users that include SharePoint, said The Cofense Phishing Defense Center (PDC). The phishing campaign from hackers are targeting users especially those who work from home, a phishing mail is sent, claiming to require an email signature with an urgent demand. It was discovered in an environment protected by Microsoft’s own secure email gateway (SEG) and was successfully bypass by its security.
The hackers use a legitimate SharePoint document that needed a signature urgently, by this phish successfully bypass the SEG, it was reported that this is not the first time that a Spear-phishing campaign from last year in December bypassed the security gateway, hackers target almost 200 million Office users.
(Image credit: Cofense)
The message above seems to be fishing as the recipient asks ‘Urgently’ for the victim to take immediate action, this is one of the gimmicks that hackers usually use but never gets old, whenever there’s a request to take immediate like this usually is not from the native speaker. Cofense said that the recipients use hyperlinks, telling victims to log in and view the document, this could allow hackers to extract users’ personal data. It’s advisable for users to take precautions against any phishing threat and not to entertain any unknown recipients.