As businesses become savvier to phishing campaigns and develop powerful tools to combat them, cybercriminals are simultaneously finding new exploits to carry out attacks. Case in point? A new two-step phishing campaign exploits Microsoft tools in a new approach.
Devious Two-Step Phishing Techniques Are a New Development in Deception
Most businesses have protections to detect phishing emails, ranging from email security software to employee education. Knowing that there’s a strong possibility that their malicious messages won’t ever reach their targets, hackers are using new and more nefarious approaches to evade detection. In most cases, this means that instead of delivering malware or other harmful content directly to the recipient, they send people to other platforms to carry out the attack.
One common form of this attack is tricking visitors into visiting fake Microsoft 365 login pages by posing as HR or IT. Unsuspecting users visit the compromised site, where the attackers steal their login credentials, install malware, and more.
The latest version of these credential harvesting schemes exploits trusted platforms like Microsoft SharePoint. Hackers use Microsoft Visio, a diagram creation tool, to spread malicious links, hiding the links into files that arrive in messages appearing to come from colleagues or clients.
Hackers rely on compromised email accounts to launch campaigns using these Microsoft tools since it’s less likely that the email security system will flag them. The messages contain information that typically requires immediate action, spurring the recipient to click the link and end up in a malicious SharePoint file.
In addition to evading email security, these attacks include a failsafe to ensure automated security tools can’t catch them. Hackers embed a clickable button in the Visio file with instructions to hold the CTRL key when clicking it, effectively manually overriding the security tool.
Protecting Your Company From Sophisticated Phishing Schemes
When this two-step phishing campaign successfully exploits Microsoft tools, the hacker not only gets the victim’s credentials but can also deliver additional malware for further attacks on your company’s assets. The layered approach supports email security evasion, so your company must take proactive steps to avoid falling victim to this latest hacker trick.
The surge in SharePoint phishing attacks stems from compromised email accounts, underscoring the need to invest in robust email security. Implementing multifactor authentication mechanisms can help keep hackers from using stolen credentials to access the system.
Security experts recommend implementing a multi-layered approach to combating a two-step phishing campaign that exploits Microsoft tools:
- Investing in advanced threat detection solutions that identify and flag suspicious links and files.
- Keep up with software updates and backups to reduce the risk of getting caught in a phishing scam.
- Educating teams about new threats, fake messages, identification, and policies about clicking links in emails.
- Implement authentication mechanisms to reduce the impact of compromised accounts.
Addressing phishing threats can feel like playing whack-a-mole. Every time you address one threat, another pops up in its place. Staying vigilant and aware of emerging methods will help keep your business safe.
