New SharePoint-themed phishing campaign. The goal is to steal credentials via a fake landing page. Victims have three attempts to enter the password, all of which will be wrong.
A new SharePoint-themed phishing campaign is in the wild, targeting people worldwide. The bait is a shared file with the victim’s email, called “Scanned Document.pdf”.
The user is tricked into opening a link to view the document. It leads to a fake SharePoint page in which the victim’s email address is already filled in. Only the password has to be entered. However, whatever alphanumeric combination is entered, after three attempts an error message is shown, along with a link to the real Microsoft Online login page. Meanwhile, the cybercrime actors behind the scam will have stolen the credentials. Moreover, the three attempts are a trick to steal more of the user’s passwords, which can also be used for different services/software.
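The flow described above (three password submissions to a look-alike page, then a hand-off to the real Microsoft login) leaves a recognizable sequence in web proxy logs. The following hunting heuristic is an added example, not part of the original article; the log layout, host names, time window and the use of `login.microsoftonline.com` as the real login host are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the "real Microsoft Online login page" is served from this host.
MS_LOGIN_HOST = "login.microsoftonline.com"
WINDOW = timedelta(minutes=10)  # assumed time span for the repeated attempts
MIN_POSTS = 3                   # the article describes three password attempts

# Constructed sample proxy log: timestamp, client IP, method, host, path.
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 GET phish.example.test /view
2024-01-01T09:00:10 10.0.0.5 POST phish.example.test /login
2024-01-01T09:00:25 10.0.0.5 POST phish.example.test /login
2024-01-01T09:00:40 10.0.0.5 POST phish.example.test /login
2024-01-01T09:00:55 10.0.0.5 GET login.microsoftonline.com /
2024-01-01T09:01:00 10.0.0.7 POST intranet.example.test /form
2024-01-01T09:01:30 10.0.0.7 GET login.microsoftonline.com /
2024-01-01T09:02:00 10.0.0.9 POST forum.example.test /reply
2024-01-01T09:02:10 10.0.0.9 POST forum.example.test /reply
2024-01-01T09:02:20 10.0.0.9 POST forum.example.test /reply
"""

def find_harvest_pattern(log_text):
    """Flag clients that POSTed MIN_POSTS+ times to one non-Microsoft host and
    then requested the Microsoft login host within WINDOW of those POSTs.
    Returns a list of (client, suspect_host, post_count) tuples."""
    posts = defaultdict(list)  # (client, host) -> POST timestamps
    hits = []
    for line in log_text.strip().splitlines():
        ts_raw, client, method, host, _path = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if method == "POST" and host != MS_LOGIN_HOST:
            posts[(client, host)].append(ts)
        elif method == "GET" and host == MS_LOGIN_HOST:
            # Look back over every host this client submitted forms to.
            for (c, h), stamps in posts.items():
                recent = [t for t in stamps if timedelta(0) <= ts - t <= WINDOW]
                if c == client and len(recent) >= MIN_POSTS:
                    hits.append((client, h, len(recent)))
    return hits

if __name__ == "__main__":
    for client, host, count in find_harvest_pattern(SAMPLE_LOG):
        print(f"{client}: {count} POSTs to {host} before Microsoft login")
```

A hit is a lead for review, not proof of compromise; any account that matches should have its password reset, along with other services where the user may have tried the same or similar passwords.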