Back to All Attacks
Attack Details
Attack Date:
Apr 8, 2022

SharePoint Fake Document HTML Attachment Credential Phishing Attack

Initial Email Content

Subject
Ιոⅴ: 224603
Body

You Received a document on sharepoint
Ѕսbјесt: [Recipient Company Name] Payment
Fіⅼе: JF549-0149M-S496, Payment Invoice No. 49g.pdf
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by reply e-mail, delete, and then destroy all copies of the original message.

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This payload-based attack impersonates SharePoint using a free webmail account, an HTML attachment, and a fake document theme to steal credentials.

Analysis Overview

Tactic
Free Webmail Account
Goal
Credential Theft
Impersonated Party
Vector
Payload-based
Theme
Fake Document
Language