- Hackers use stolen email accounts to start phishing attacks
- They create fake landing pages through Gamma AI, experts warn
- The goal is to steal Microsoft login credentials
Gamma, a relatively new AI-driven presentation software tool, is being abused in phishing attacks that mimic Microsoft’s SharePoint and aim to steal people’s login credentials.
Cybersecurity researchers at Abnormal discovered the attacks in the wild and described the phishing flow as “so polished that it feels legitimate at each step.”
The attack starts with a generic, to-the-point phishing email sent from a legitimate but compromised email account. This helps the crooks bypass standard authentication checks such as SPF, DKIM and DMARC and land the email directly in the target’s inbox.
Spoofing SharePoint
The email itself is nothing unusual and carries a PDF attachment that is in fact just a hyperlink leading to a presentation hosted on Gamma, an AI-driven online presentation builder.
The presentation contains the mimicked organization’s logo and a message along the lines of “View PDF” or “Review Secure Documents”.
The message is in the form of a hyperlink that leads to an intermediary splash page carrying imitation Microsoft branding and a Cloudflare Turnstile. This way, the crooks ensure that actual people, not basic automated security tools, access the site.
If the victim clicks on that call to action, they are led to a phishing page that mimics the Microsoft SharePoint login portal.
This is where the actual theft happens as the victims are then encouraged to log in using their Microsoft credentials.
Entering the wrong credentials returns an error, leading the researchers to conclude that the attackers have some kind of adversary-in-the-middle (AitM) setup that helps them verify the credentials in real time.
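A triage sketch for the delivery chain described above, as an added example that is not from Abnormal's report or this article: because the message passes SPF, DKIM and DMARC, the check looks inside the PDF attachment for link targets instead. The watchlist host `gamma.app`, the sample message and all addresses are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: hosts whose links inside a PDF attachment deserve review.
WATCHED_HOSTS = {"gamma.app"}
# /URI (...) link actions; only visible in uncompressed PDF objects,
# so compressed object streams need a real PDF parser first.
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def pdf_link_hosts(pdf_bytes):
    """Return the hostnames of link targets found in the PDF bytes."""
    hosts = set()
    for raw in URI_RE.findall(pdf_bytes):
        host = urlparse(raw.decode("latin-1")).hostname
        if host:
            hosts.add(host)
    return hosts

def watched(host):
    return any(host == w or host.endswith("." + w) for w in WATCHED_HOSTS)

def triage(raw_message):
    """Report authentication verdicts and PDF link targets for one message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    auth = str(msg.get("Authentication-Results", "")).lower()
    auth_pass = all(f"{m}=pass" in auth for m in ("spf", "dkim", "dmarc"))
    hosts = set()
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            hosts |= pdf_link_hosts(part.get_payload(decode=True))
    return {"auth_pass": auth_pass, "flagged": sorted(filter(watched, hosts))}

def build_sample():
    """Constructed message: passes authentication, PDF is only a link."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI "
           b"/URI (https://gamma.app/docs/constructed-example) >> >>\nendobj\n")
    m = EmailMessage()
    m["From"] = "colleague@partner.example"
    m["To"] = "user@recipient.example"
    m["Authentication-Results"] = "mx.recipient.example; spf=pass; dkim=pass; dmarc=pass"
    m.set_content("Please see the attached document.")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="doc.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that is both `auth_pass` and `flagged` is the combination this campaign produces, so a passing authentication verdict should not suppress the attachment check.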
Abnormal says the attack is unique, mainly because Gamma is a “relative newcomer” on the scene that has only been around for a few years.
“Organizations are becoming more and more familiar with file-sharing phishing attacks in general, and some may even have begun to incorporate examples into their security awareness. Having said that, it is very likely that the percentage of companies that have updated their cybersecurity training to include this type of phishing is low-and-number. Doctures and Dropbox, ”are below differences.
“Thus, this type of attack may not set off alarm bells that encourage a higher level of control by employees, as an attack that exploits Canva or Google Drive might.”