Skip to content

Menu

  • HOME
  • NEWS
    • Android
    • Artificial Intelligence (AI)
    • Cloud Computing
    • Digital Transformation
    • Internet of Things (IoT)
  • PRODUCTS
    • Desktops
    • Home Security Systems
    • Laptops
    • Printers
    • Routers
    • Servers
    • Smartwatches
    • Storage
    • Streaming Devices
  • SECURITY
    • Antivirus
    • Cybersecurity
  • FINANCE
  • HEALTHCARE
  • SUSTAINABILITY
  • DEVELOPMENT
  • EDUCATION
  • CAREER
  • RETAIL

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • December 2020
  • October 2020

Calendar

May 2025
MTWTFSS
 1234
567891011
12131415161718
19202122232425
262728293031 
« Jun    

Categories

  • Android
  • Antivirus
  • Artificial Intelligence (AI)
  • Automobili
  • Bitcoins
  • Blockchain
  • CAREER
  • Cloud Computing
  • Cybersecurity
  • DEVELOPMENT
  • Digital Transformation
  • EDUCATION
  • FINANCE
  • HEALTHCARE
  • Home Security Systems
  • IGAMING
  • Internet of Things (IoT)
  • Laptops
  • NEWS
  • Printers
  • PRODUCTS
  • RETAIL
  • Routers
  • SECURITY
  • Servers
  • SERVICE
  • Smartwatches
  • Storage
  • Streaming Devices
  • SUSTAINABILITY

Copyright IT-Technews 2025 | Theme by ThemeinProgress | Proudly powered by WordPress

HOT
Why are multiwallet apps useful?
logo itechnews
  • HOME
  • NEWS
    • Android
    • Artificial Intelligence (AI)
    • Cloud Computing
    • Digital Transformation
    • Internet of Things (IoT)
  • PRODUCTS
    • Desktops
    • Home Security Systems
    • Laptops
    • Printers
    • Routers
    • Servers
    • Smartwatches
    • Storage
    • Streaming Devices
  • SECURITY
    • Antivirus
    • Cybersecurity
  • FINANCE
  • HEALTHCARE
  • SUSTAINABILITY
  • DEVELOPMENT
  • EDUCATION
  • CAREER
  • RETAIL
  • You are here :
  • Home
  • SECURITY
  • Email Vulnerability Pandemic.
Email Vulnerability Pandemic.
October 8, 2021

Email Vulnerability Pandemic.

SECURITY Article

Are All Emails Worth Opening?

According to Microsoft, phishing attacks have become the preferred practice of cyber criminals.

As attackers are seen using various techniques, tactics, and procedures (TTP’s) to lure targets, common phishing types include impersonating usernames, organizational domains, using cloud storage to host phishing kits and engaging in social engineering attacks with specially crafted attachments that look like attachments commonly used by an organization.

A common phishing practice is to steal account credentials via a phishing email and to use that compromised account to send out phishing emails to contacts listed in that account. Such attacks can leave both the account holder and their contacts vulnerable.

To tackle this threat, many organizations are now deploying email security gateways. This, however, is no longer enough. Even with this in place, user accounts can still become compromised by attackers. These accounts are then used to launch further sophisticated phishing attacks.

Phishing Attack Example

The below phishing attack example begins with a user receiving an email from a compromised third-party sender, with the subject line containing “share a folder”. The email asks for the recipient to open the link in the email body to access the shared folder, which contains a link to the senders SharePoint Online account.

Email Vulnerability Pandemic.Email format, so the Subject line and Email body, is like the format auto generated by SharePoint whenever any user account is given access to any file or folder on SharePoint. It appears to be a legitimate sender, with no clear indications of the email being a phishing attack. But it is the link in the email that directs the user to OneNote hosted on Senders SharePoint Online. Again, this easily evades controls that are placed to detect risky URLs.

As shown in the below image, once the user clicks on the link, OneNote document is displayed which contains the hyperlink to the phishing page.

In most cases, a phishing page is hosted on subdomains of “glitch.me”.

Once the credentials are entered, with the belief that the links are genuine, and login button is clicked, JS script runs and gathers information entered in the form and posts it to another third-party website that the attacker has hold of. The victim is then displayed as a legitimate PDF file on the legitimate website to match the narrative built by the attacker. This is again done to ensure that the attacker is successful in gaining credentials without the user noticing the fraud.

The compromised mailbox is then used to send similar emails providing access to folders to all the email contacts. And the chain goes on.

The reason for sharing the folder and not the file is to bypass various security controls, because the threat is underneath, waiting for user to click. There could be business reasons for sharing a folder, but this needs inspection from your Security team as security controls cannot detect this example of a phishing campaign.

Recommendations

SecurityHQ analysts recommend the following actions:

  1. Audit and verify all emails from external senders sharing links to access folders.
  2. If you receive such an email, activate a phishing incident response plan.
  3. Investigate the mail body and follow the links within.
  4. Check for any redirectors that take you to third-party sites asking for credentials.
  5. Do not allow non-standard TLD’s (Top Level Domains).
  6. Monitor for Secure File/anonymous/company shareable link creation in Online SharePoint.
  7. Closely monitor mailbox logins for the users who clicked on the phishing link.

SecurityHQ Analysts have seen 100% true positive cases, especially when shared folder name matches with sender’s domain or company name.

You may also like

Google Cybersecurity Centre of Excellence to Open in Spain’s Sunny Southern Coast

UK Government Looking to Potentially Ban Chinese Hikvision Cameras

What Will The Alarm Systems of the Future Look Like?

Tags: Microsoft, phishing

Categories

  • Android (3)
  • Antivirus (1)
  • Artificial Intelligence (AI) (20)
  • Automobili (6)
  • Bitcoins (6)
  • Blockchain (8)
  • CAREER (18)
  • Cloud Computing (15)
  • Cybersecurity (28)
  • DEVELOPMENT (20)
  • Digital Transformation (62)
  • EDUCATION (20)
  • FINANCE (99)
  • HEALTHCARE (98)
  • Home Security Systems (2)
  • IGAMING (12)
  • Internet of Things (IoT) (28)
  • Laptops (8)
  • NEWS (351)
  • Printers (2)
  • PRODUCTS (90)
  • RETAIL (31)
  • Routers (8)
  • SECURITY (60)
  • Servers (13)
  • SERVICE (12)
  • Smartwatches (2)
  • Storage (2)
  • Streaming Devices (13)
  • SUSTAINABILITY (56)
  • Contact
  • Pressrelease
  • Newsletter sign up
  • IT Media Group
    • IT-KANALEN.SE
    • IT-KANALEN.DK
    • IT-RETAIL.SE
    • IT-FINANS.SE
    • IT-KARRIÄR.SE
    • IT-HÅLLBARHET.SE
    • IT-PEDAGOGEN.SE
    • IT-HÄLSA.SE
    • IT-TECHNEWS.COM ENGLISH

Copyright IT-Technews 2025 | Theme by ThemeinProgress | Proudly powered by WordPress