"Phishing Attack Exploits Craigslist and Microsoft OneDrive"

The email security provider Inky has released a report detailing a new phishing campaign in which both Craigslist and OneDrive are used to trick people into installing malware. The attackers behind the phishing campaign used different tactics to pull off their scam. They sent emails to active Craigslist users instead of random people. The phishing messages came from a Craigslist domain and a legitimate Craigslist IP address. Since the messages appeared legitimate, they were able to evade standard email security protocols. As Craigslist did not intend to send those emails, Inky believes the site could have been compromised by malicious actors, especially since users were specifically targeted. The actors also abused a Craigslist function known as "mail relay" to remain anonymous. In addition, the attackers used a legitimate Microsoft OneDrive site, impersonated DocuSign, and displayed Norton and Microsoft logos. Inky recommends that users be on the lookout for unusual requests and signs of indirect ways to resolve an issue. The provider also suggests that users be suspicious of the mixing of platforms, such as the use of a document uploaded to OneDrive to resolve a Craigslist problem. This article continues to discuss the recent phishing attacks that have exploited Craigslist and Microsoft OneDrive.

TechRepublic reports "Phishing Attack Exploits Craigslist and Microsoft OneDrive"