Yesterday (December 9th, 2020), our threat analyst team discovered two major phishing campaigns that have hit several enterprises across Europe. We have seen several reports from thousands of users from different countries and customer organizations.
According to the Whois data, both attacks originated from servers belonging to different technology institutions.
We assume that the attackers achieved this either by compromising the email servers or by gaining access to someone’s corporate email account.
The phishing attacks
The messages were the same across all the organizations that reported the attacks.
“Management has shared a file with you”
In this email, the attackers try to get people to click a link to preview a document that management has supposedly shared with them.
Once the victim clicks the button, the link redirects the user to the attacker’s credential harvesting website. This website looks a lot like a real Microsoft login site, but you can tell that this is fake by looking at the domain in the browser’s URL field.
Even so, the attack is fairly easy to spot from the sender’s email address and domain. If the message had really been shared through SharePoint, the sender’s email address would be at either sharepointonline.com or microsoft.com.
“Helpdesk Action Requested”
This attack was phishing for login credentials. It’s a basic type of phishing attack, and anyone who hovers over the link and checks the sender’s email address could easily recognize it and would not fall for it.
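The sender-domain and link-hover checks described for both emails, written as an added Python triage example (not code from the original post). The sample message, its `.example` domains and the `LINK_DOMAINS` allowlist are constructed assumptions; the two sender domains and the subject line come from the article.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sender domains the article gives for genuine SharePoint share notices.
SENDER_DOMAINS = {"sharepointonline.com", "microsoft.com"}
# Assumption: hosts a genuine Microsoft 365 link may use; adjust per tenant.
LINK_DOMAINS = {"sharepoint.com", "microsoft.com", "microsoftonline.com"}
SHARE_PHRASE = "shared a file with you"  # from the subject line quoted above

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """\
From: Management <management@tech-institute.example>
Subject: Management has shared a file with you
Content-Type: text/html; charset="utf-8"

<a href="https://login.files-preview.example/signin">Preview document</a>
"""

class LinkCollector(HTMLParser):  # gathers every <a href>, what hovering shows
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domains(host, allowed):
    # Exact match or a true subdomain; "evil-microsoft.com" does not match.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    findings = []
    text = (str(msg.get("Subject", "")) + " " + html).lower()
    if SHARE_PHRASE in text and not in_domains(sender_domain, SENDER_DOMAINS):
        findings.append(f"share notice from unexpected sender domain {sender_domain}")
    collector = LinkCollector()
    collector.feed(html)
    for host in (urlsplit(h).hostname for h in collector.hrefs):
        if not in_domains(host, LINK_DOMAINS):
            findings.append(f"link points to unexpected host {host}")
    return findings
```

Calling `triage(SAMPLE)` returns one finding for the sender domain and one for the link host; a message that passes both checks returns an empty list.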
Keep practicing safe email habits & reporting suspicious emails
To remain safe, remember to be cautious with all emails that you receive.
Check the following:
- Are you expecting the email? If not, be extra careful!
- Analyze the subject line: does it look odd?
- Who is the sender, and what is the email address? If the email address looks strange to you, it’s most likely a threat.
- If the email comes from a service provider, think twice about whether it’s a legitimate email.
- Always hover over the link!
- If you are unsure, don’t click anything!
Finally, if the email has raised concerns, remember to report it to your security team according to your organization’s guidelines.