Cyber Security

New Phishing Campaign Found in Microsoft’s own Secure Email Gateway (SEG) Uses SharePoint Documents

The Cofense Phishing Defense Center (PDC) has revealed a phishing campaign that targets Office 365 users and includes a convincing SharePoint document claiming to urgently need an email signature.

This new phishing campaign found in an environment protected by Microsoft’s secure email gateway (SEG). Since thousands of individuals still required to telework,  hackers lure their victims with almost picture-perfect sharing themed emails.

How this Attack Works?

Phishing Email (body)

The above Email showcases correct spelling and grammar in messaging that include urgency (“and response urgently”). The user’s name is not clear in the opening message above, indicating that this is a mass-distribution campaign intended to reach multiple users.

“When the user reported this email, suspicion was probably sparked by the sender’s address and the hovered hyperlink, neither of which contained the all-important “Microsoft” reference”, Cofense says.

Phishing Landing Page

When the recipient clicks on the hyperlink, the Phishing landing page will appear. The vendor’s branded logo and the “Pending file” notification could suffice for threat actors to extract and harvest users’ data, as shown above.

Once credentials have been supplied, the campaign redirects the user to a spoofed unrelated document, which might be enough to trick the user into thinking this is a legitimate transaction.

“A user’s personal data could potentially be in the hands of the threat actor, assuming they logged in with their true Microsoft credentials.”

Final Word

Therefore, Cofense suggested an online tool called Whois lookup that allows to extract useful statistical information. It is used to evaluate the legitimacy of the domain name.

Basic information such as the quantity of sites hosted, IP location as well as historical lifetime – are all useful for the investigation.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

10 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

13 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago