Since at least last summer, unidentified cybercriminals have been sending phishing e-mails to Office 365 users in an attempt to steal their credentials. According to the researchers who first uncovered the campaign, up to 10% of all users of the service could have received such a message.
The scam e-mails look like standard invitations to collaborate in SharePoint: the recipient is prompted to open a document stored in OneDrive for Business. The trick is that the link in the e-mail really does point to a document hosted in OneDrive for Business, so it passes a casual check of its destination; the document itself, however, is crafted to look like an access-request page. The “Access Document” link at the bottom of that page sends the victim to a third-party site made to look like the Microsoft Office 365 login page.
Corporate workspaces are seen as more trustworthy than other resources, and users may assume that outsiders cannot readily place content in SharePoint services, so they follow the link to the scam website without hesitation. If the victim enters work credentials on this site, they go straight to the attackers who planted the file.
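The chain above turns on one detail: the first hop is hosted on a genuine Microsoft domain, and only the final “Access Document” hop leaves it. A practical triage check therefore has to classify the host a browser would actually connect to, not the brand names that appear in the link text. The script below is an added example and not code from the original article or from Kaspersky; it assumes a small allowlist of Microsoft sign-in hosts and a constructed lure document, and it uses the URL parser rather than substring matching so that the user@host trick is handled correctly.

```python
import re
from urllib.parse import urlparse

# Exact hosts that legitimately serve Microsoft sign-in pages. This allowlist is an
# assumption for this example; extend it with your own federated (ADFS) hosts.
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
}

# Host suffix under which SharePoint / OneDrive for Business content is served.
SHAREPOINT_SUFFIX = ".sharepoint.com"

# Brand strings a lookalike login page typically carries somewhere in its URL.
BRAND_KEYWORDS = ("microsoft", "office365", "office-365", "o365", "sharepoint", "onedrive")

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def host_of(url: str) -> str:
    """Return the lowercase host the browser would actually connect to.

    urlparse discards any user@ prefix, so
    'https://login.microsoftonline.com@evil.example/' yields 'evil.example',
    not the brand name that leads the URL.
    """
    return (urlparse(url).hostname or "").lower()


def classify_link(url: str) -> str:
    """Classify a single URL by its real host, not by what the URL string contains."""
    host = host_of(url)
    if host in MICROSOFT_LOGIN_HOSTS:
        return "microsoft-login"
    if host.endswith(SHAREPOINT_SUFFIX):
        return "sharepoint-content"          # the genuine first hop of the lure
    if any(k in url.lower() for k in BRAND_KEYWORDS):
        return "lookalike-login"             # Microsoft branding on a foreign host
    return "external"


def triage(text: str) -> list:
    """Extract every URL in a message or document body and classify it."""
    return [(url, classify_link(url)) for url in URL_RE.findall(text)]


def suspicious_links(text: str) -> list:
    """Return only the URLs that pretend to be Microsoft but are hosted elsewhere."""
    return [url for url, verdict in triage(text) if verdict == "lookalike-login"]


# Constructed sample: the body of a lure document as the victim would see it.
# The hosts are invented for illustration and are not from the original article.
SAMPLE_DOCUMENT = """
Alice shared "Q3 Proposal" with you.
Open: https://contoso-my.sharepoint.com/personal/alice_contoso_com/Documents/Proposal.docx
Access Document: https://login.microsoftonline.com.account-verify.example/common/oauth2
Alternate: https://login.microsoftonline.com@office365-docs.example/signin
Logo: https://cdn.example.org/ms-logo.png
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_DOCUMENT):
        print(f"{verdict:18} {url}")
```

The two “Access Document” variants in the sample both begin with the genuine sign-in host name, which is exactly why a string match on the link text is not enough: one appends it as a subdomain of an attacker-owned domain, the other places it in the userinfo part of the URL. Both resolve to a host outside the allowlist and are flagged, while the SharePoint-hosted first hop is correctly recognised as legitimate content.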
With these credentials, cybercriminals can potentially obtain everything the victim’s account is entitled to, including access to e-mail, cloud storage, and confidential business information. Hiding behind a corporate account, scammers can steal sensitive information for competitors, spread malware, or use employee names and project details to craft further spear-phishing messages.
Source: Kaspersky