Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft warns top file hosting services hijacked for email scams

A digital representation of a lock.

Microsoft is warning of a new phishing campaign that abuses different privacy settings in cloud-based file hosting services to bypass security solutions and steal login credentials, deploy malware, and more.

In a blog post, the company outlined how crooks have been seen abusing SharePoint, OneDrive, and Dropbox services in their attacks.

First, the attackers would compromise a person’s cloud hosting account - they can either purchase an account on the black market, or obtain the login credentials elsewhere. Then, they would use these credentials to upload a document to one of these services. The document is usually a fake Microsoft 365 login page, which serves not only to steal people’s credentials, but also to grab MFA codes and one-time passwords, too. Alternatively, the file can contain a link to a malicious site, where victims would share their login credentials, download malware to their devices, or similar.

Abusing privacy settings

Here is where it gets interesting - cloud-based file hosting services have security solutions that scan for malicious links and files. However, depending on the document’s privacy settings, security solutions may not be allowed to scan it.

“To bypass analysis by email detonation systems, the files shared in these phishing attacks are set to ‘view-only’ mode, disabling the ability to download and consequently, the detection of embedded URLs within the file,” Microsoft explained.

Alternatively, the hackers would restrict access to the document only to designated recipients, to the same result.

To make matters worse - the threat actors are not distributing these files in the traditional phishing way. Instead, when they grant access to the document only to specific accounts, the cloud service sends an email notification to those accounts. Consequently, the victims get an email from a reputable source, further boosting the perceived legitimacy of the email.

The best way to defend against such attacks is to use common sense and be extra careful when receiving email messages, regardless of who they’re coming from.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.