"Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials"

Threat actors in a Business Email Compromise (BEC) campaign are using Dropbox messages to steal Microsoft user credentials. The campaign bypasses security scans based on Natural Language Processing (NLP) and shows how fast these types of attacks evolve. In the first two weeks of September alone, researchers at Check Point Harmony observed over 5,000 attacks where fake login pages directed victims to a credential-harvesting site. The attack is another example of the most recent iteration of BEC, BEC 3.0, in which attackers send and host phishing content using familiar and trusted legitimate websites. Google, QuickBooks, and PayPal are other common sites used in BEC 3.0 attacks. This article continues to discuss findings regarding the Dropbox BEC campaign.

Dark Reading reports "Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials"

Submitted by grigby1

Submitted by grigby1 CPVI on