Thus, cybercriminals can steal logins and passwords for various mail accounts.
According to experts, cybercriminals not only hide the phishing link on the SharePoint server, but also distribute it using their native mechanism for sending notifications.
attackers steal data using “native” notifications
If the recipient clicks on the link, they are taken to the actual SharePoint server, where the claimed OneNote file opens. The file contains a large PDF file icon, which can easily be mistaken for another step to download the data and click on the phishing link.
Thus, cybercriminals can steal logins and passwords for various email accounts, including Yahoo!, AOL, Outlook, Office 365. The scheme is aimed at employees of companies around the world, including in Russia. In total, over the past winter, experts have identified more than 1,600 such letters.