This week we [Layer3] have seen a new phishing attack being launched within New Zealand, and it’s a zinger.
Scammers and hackers are getting smarter. Having a good firewall, antivirus and spam filtering within your organisation only goes so far to stop phishing attacks. What we’ve seen this week goes beyond traditional security measures, breaking out of the box to trick end users into entering their credentials.
I’ve blanked out the name to protect the victim. This is a real email I received today.
Here’s how it works:
You receive an email, with an attachment, asking you to open it. We’ve all had these, but this one is a little different.
So far, it looks normal. The email address here is legit (I’ve checked the technical details). So you click the attachment.
The attachment is another email. When you open this email, it appears to have a toolbar with another attachment. This isn’t an attachment; it’s a link. The link takes you to a legitimate Microsoft OneDrive account, which is still active at the time of writing. Because the link points at a legitimate service, your security software and firewalls will not detect any malicious behaviour.
The link is legitimate
OneDrive PDF Attachment
Now you are viewing a PDF attachment on a legitimate Microsoft OneDrive account.
This PDF in turn contains another link to download a PDF. This is where the attack happens: the link sends you to a credential-harvesting page asking you to log in via Office 365 or with your Google account.
Upon selecting your provider, in this case Office 365, you are prompted for your credentials.
The link for this site is
Which is not a legitimate website.
If you have entered your information, your account has now been compromised.
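As an added example (not part of the original post), the following Python script shows one way a mail gateway or an analyst could flag the pattern described above: a link to a legitimate file-sharing host hidden inside an email that is itself attached to another email, which is exactly what URL reputation filters let through. The sample messages, addresses and the OneDrive link are constructed placeholders, and FILE_SHARE_HOSTS is an assumed watch-list, not a list from the post.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed watch-list of legitimate file-sharing hosts; a link to one of them buried
# inside an attached message is the chain above, and it passes URL reputation checks.
FILE_SHARE_HOSTS = ("onedrive.live.com", "1drv.ms", "sharepoint.com", "drive.google.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample (placeholder addresses and link): the forwarded message that the
# outer email carries as an attachment; its "PDF attachment" is really a OneDrive link.
INNER_EML = (
    "From: accounts@example.invalid\nTo: you@example.invalid\n"
    "Subject: Invoice\nContent-Type: text/html\n\n<p>Please review the document.</p>"
    '<a href="https://onedrive.live.com/?id=PLACEHOLDER">Invoice.pdf</a>\n'
)

def build_sample() -> bytes:
    """Wrap INNER_EML in an outer email as a message/rfc822 attachment."""
    inner = email.message_from_string(INNER_EML, policy=policy.default)
    outer = EmailMessage()
    outer["Subject"] = "FW: Invoice"
    outer.set_content("Please open the attached message.")
    outer.add_attachment(inner)  # a Message object is attached as message/rfc822
    return outer.as_bytes()

def _collect(part, depth, urls):
    """Gather (url, host, depth) from every text part; depth counts enclosing messages."""
    if part.get_content_type() == "message/rfc822":
        for embedded in part.get_payload():  # a one-element list holding the inner message
            _collect(embedded, depth + 1, urls)
    elif part.is_multipart():
        for sub in part.iter_parts():
            _collect(sub, depth, urls)
    elif part.get_content_maintype() == "text":
        for url in URL_RE.findall(part.get_content()):
            urls.append((url, (urlparse(url).hostname or "").lower(), depth))

def _reasons(host, depth):
    """Why a link deserves a look: it sits inside an attached message, or points at a file-share host."""
    out = ["link inside attached message"] if depth > 0 else []
    if any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS):
        out.append("file-sharing host")
    return out

def analyse(raw: bytes) -> list:
    """Parse a raw email and return the links worth quarantining or reviewing, with reasons."""
    urls = []
    _collect(email.message_from_bytes(raw, policy=policy.default), 0, urls)
    return [{"url": u, "depth": d, "reasons": r} for u, h, d in urls if (r := _reasons(h, d))]
```

Running `analyse(build_sample())` on the constructed sample reports the OneDrive link at depth 1 with both reasons; on a normal email with links only in its own body, only the file-share reason (if any) fires.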
The simple solution is to have your staff trained. We engage our customers with free security seminars all year round. These are hands-on seminars aimed at getting staff to look at security differently. We also run phishing simulations on an ongoing basis to ensure staff and management stay vigilant.
If you’d like to see more of these sorts of stories, please let me know.