Take this case, for example, the Microsoft login page looks authentic, until you take a closer look at the address bar.
#MICROSOFT ONE DRIVE SCAM HOW TO#
Learn how to identify phishing attemptsĭifferentiating phishing pages from legitimate ones may be difficult since they are made to be this way, but not impossible. Here are some more pointers on how to boost your company’s cyber-resilience. To safeguard your endpoints and network against the latest phishing campaign, prevention is of the utmost importance. How to protect your endpoints against phishing attempts
To recapitulate: user receives a message on LinkedIn containing the phishing link → user redirected to fake OneDrive dashboard →after opening the file “Business Innovation.docx”, the user is, once again, redirected to a fake Microsoft account login page → user inputs credentials and clicks on “Log in” → third redirect to blank or 404 page. The subsequent attempt called up a blank browser page. During the first round, the redirect page returns a type 404 error. Attempts to reproduce the steps leading to the Microsoft account compromise led to two distinct versions. Upon entering the requested credentials (email, phone number or Skype handle and Microsoft password), the user will again be redirected, but, this time to an error page. As I’ve mentioned, the user will be redirected to the Microsoft account login page even if he’s signed in. However, all the buttons and hyperlinks only have an aesthetical function – if the user clicks or taps on any of the buttons and/or hyperlinks, a second redirect will occur, leading the user to what appears to be a Microsoft account login screen.ĭespite having the same ‘demeanor’ as Microsoft’s Sign In page, this is a credential-stealing form. The first bounce leads the user to what appears to be a OneDrive dashboard.Īn outward examination of the cloned OneDrive UI reveals no actionable information: it’s almost identical to Microsoft OneDrive’s official dashboard. Upon click or tap action, the user is redirected to another website: (domain blocked and sanitized by Heimdal™ Security). I hope all is well? I have shared a document with you via Onedrive, please see the shared document. In the observed cases, it’s from a person outside the user’s network. The LinkedIn user (business or personal profile) receives a message. Outlined here, are the results of Heimdal™ Security’s probing into the Linked OneDrive Phishing Campaign case. LinkedIn OneDrive Phishing Campaign – In-Depth Analysis
#MICROSOFT ONE DRIVE SCAM PASSWORD#
Regardless if you’re signed in or not, the fake platform will require you to input your credentials (username & password associated with your Microsoft account) to read and/or commit changes to its contents.įorensic analysis performed on domain and accounts has yielded no actionable intel – ‘burner(able) LinkedIn accounts’, no registrar info on Who.is and the names appended to the malicious accounts appear to have been generated with some sort of online tool. Once the victim performs a click or tap action on the OneDrive link, the browser will redirect him/her to the fraudulent OneDrive page. The lure is a Microsoft Word document shared via OneDrive (private session). In 80% of cases, the malicious actors aimed at business owners or decision-makers. OverviewĬoined the LinkedIn OneDrive Phishing Campaign, the malicious actors behind the latest credential-stealing operation are using fabricated LinkedIn profiles to get in touch with their victims. Heimdal Security™ will continue to monitor all online channels. To date, no identity cases have been registered. The intel gathered so far, suggests that the malicious operation indiscriminately targets business and personal accounts in an attempt to harvest Microsoft login credentials. Heimdal™ Security’s Incident Investigation and Response Department have recently discovered a new phishing campaign that aims to compromise LinkedIn accounts.
0 kommentar(er)
