Phishing attack exploits Craigslist and Microsoft OneDrive

A phishing marketing campaign took benefit of the mail relay operate on Craigslist, which permits attackers to stay nameless, Inky says.


Picture: GrafVishenka, Getty Photos/iStockPhotos

Cybercriminals will search for any weak spot or limitation in an in any other case legit service to assist them perform an assault. That is true of a brand new phishing marketing campaign that makes use of each Craigslist and OneDrive to trick individuals into putting in malware. A report printed Tuesday by e-mail safety supplier Inky describes how this assault tried to play out.

SEE: Social engineering: A cheat sheet for enterprise professionals (free PDF) (TechRepublic)  

In October, a number of Inky clients acquired an e-mail notification allegedly from Craigslist warning them that an advert they’d posted included “inappropriate content material,” thus violating Craigslist’s phrases and situations. The recipients got directions to stop their accounts from being deleted.

Clicking on a button within the e-mail was speculated to take individuals to a kind doc that had been uploaded to an precise Microsoft OneDrive website. Customers have been instructed to click on on a obtain hyperlink to acquire the shape, fill it out, after which ship it to an e-mail handle of [email protected]


Picture: Inky

Surely, clicking on the hyperlink downloaded a zipper file that, when uncompresssed, triggered a macro-enabled Excel spreadsheet. The spreadsheet spoofed DocuSign and used Norton and Microsoft logos to recommend that the file was secure. Anybody who clicked on the instructions for Allow Enhancing and Allow Content material bypassed Microsoft Workplace safety and allowed the macros to be executed.

Triggering the macros in a sandbox surroundings, Inky discovered that sure recordsdata have been created, whereas others have been modified. The malware additionally tried to connect with different web sites to obtain extra parts or exfiltrate information. Nevertheless, these makes an attempt failed, both as a result of the attackers made errors of their code or the malicious content material had already been found and eliminated.

Had the malware an infection been profitable, the attackers would have been capable of set up a distant entry device, set up a keylogger, steal saved login credentials from a browser, launch a Trojan to compromise an e-mail account, and even conduct a ransomware assault.

SEE: Warning: 1 in 3 workers are more likely to fall for a phishing rip-off (TechRepublic)

To tug off this rip-off, the attackers employed a number of totally different ways.

The emails have been despatched to lively Craigslist customers relatively than simply random individuals. The phishing messages themselves got here from a Craigslist area and an genuine Craigslist IP handle. As they gave the impression to be legit, the messages have been capable of sneak previous the usual e-mail safety protocols. Since Craigslist did not intend to ship these emails, Inky believes the location might have been compromised, particularly for the reason that customers have been particularly focused.

The criminals behind this rip-off additionally abused a Craigslist operate referred to as mail relay. To assist its customers simply purchase and promote objects, Craigslist lets them change emails with one another. However as an alternative of seeing the sender’s precise e-mail handle, the recipient sees an extended hex string with the area. That course of retains the e-mail addresses of legit customers personal but in addition offers hackers a way to stay nameless.

Additional, the attackers used a legit Microsoft OneDrive website, impersonated DocuSign to offer the operation an air of authenticity and flashed Norton and Microsoft logos to lend extra credibility to the message and the ensuing kind.

To guard your self and your group from an assault like this, Inky gives a number of ideas:

  • Be careful for uncommon requests. On this occasion, your Spidey sense ought to begin tingling should you obtain a violation discover that does not correspond to any exercise you’ve got carried out on the location in query.
  • Be cautious of the blending of platforms. Within the marketing campaign described by Inky, it is mindless {that a} Craigslist downside can be resolved by means of a doc uploaded to OneDrive.
  • Look out for indicators of oblique methods to resolve a problem. On this case, you have to be suspicious in regards to the oblique method you are requested to entry and fill out a kind. With a legit e-mail, the shape can be connected to the message relatively than require you connect with OneDrive.

Additionally see

Recent Articles


Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox