Back to All Attacks
Attack Details
Attack Date:
Apr 8, 2022
SharePoint Fake Document HTML Attachment Credential Phishing Attack
Initial Email Content
Subject
Ιոⅴ: 224603
Body
You Received a document on sharepoint
Ѕսbјесt: [Recipient Company Name] Payment
Fіⅼе: JF549-0149M-S496, Payment Invoice No. 49g.pdf
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by reply e-mail, delete, and then destroy all copies of the original message.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This payload-based attack impersonates SharePoint using a free webmail account, an HTML attachment, and a fake document theme to steal credentials.
Analysis Overview
Tactic
Free Webmail Account
Goal
Credential Theft
Impersonated Party
Vector
Payload-based
Theme
Fake Document
Language