SharePoint as a phishing tool


The days of including a phishing link in the body of an email are over. Mail filters now catch this scam with almost 100% accuracy. Because of this, cybercriminals are continuously coming up with new techniques to obtain corporate login passwords. Our team has just discovered a pretty intriguing technique that uses entirely legitimate SharePoint servers.

In this article, we outline how the scheme works and discuss the red flags employees should watch for. The employee receives an ordinary notification that a file has been shared. This is unlikely to arouse suspicion, because it is a real notification from a real SharePoint server.

