TZUTC: -0500   
   MSGID: 1037.consprcy@1:2320/105 2c67a87b   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Popular AI program spoofed in phishing campaign spawning fake Microsoft   
   Sharepoint logins   
      
   Date:   
   Thu, 17 Apr 2025 13:02:00 +0000   
      
   Description:   
   Crooks were seen using Gamma in their phishing attack chain, researchers say.   
      
   FULL STORY   
      
   Gamma, a relatively new AI-powered presentation software tool, is being    
   abused in hyper-convincing phishing attacks that impersonate Microsofts   
   SharePoint and aim to steal peoples login credentials.    
      
   Cybersecurity researchers Abnormal spotted the attacks in the wild, and   
   described the phishing flow as so polished it feels legitimate at every step.    
      
   The attack starts with a generic, quick-to-the-point phishing email being    
   sent from a legitimate, but compromised, email account. This helps the crooks   
   bypass standard authentication checks like SPF, DKIM, and DMARC and land the   
   email directly into the targets inbox.    
      
   The email itself is nothing out of the ordinary, and carries a PDF attachment   
   that, in reality, is just a hyperlink, leading to a presentation hosted on   
   Gamma, an AI-powered online presentation builder.    
      
   The presentation features the impersonated organizations logo and a message    
   in the lines of View PDF or Review Secure Documents.    
      
   The message is in the form of a hyperlink that leads to an intermediary    
   splash page holding impersonated Microsoft branding and a Cloudflare   
   Turnstile. That way, crooks make sure that actual humans, not basic automated   
   security tools, access the site.    
      
   If the victim clicks on the call-to-action, they are taken to a phishing page   
   that impersonates the Microsoft SharePoint sign-in portal.    
      
   This is where the actual theft happens, since the victims are then invited to   
   log in using their Microsoft credentials.    
      
   Typing in the wrong credentials returns an error, prompting the researchers    
   to conclude that the attackers have some sort of adversary-in-the-middle    
   setup that helps them verify the credentials in real-time.    
      
   Abnormal says the attack is unique mostly because Gamma is a relative    
   newcomer on the scene, only being around for a few years.    
      
   Organizations are becoming increasingly familiar with file-sharing phishing   
   attacks in general, and some may have even begun incorporating examples into   
   their security awareness training. That being said, its highly likely that    
   the percentage of companies that have updated their cybersecurity education    
   to include this type of phishing is lowand the number that use examples of   
   attacks other than those exploiting household brands like Docusign and    
   Dropbox is even lower, the researchers said.    
      
   Thus, this kind of attack may not set off alarm bells that encourage a higher   
   level of scrutiny from employees the way an attack that exploits Canva or   
   Google Drive might.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/popular-ai-program-spoofed-in-phishing-   
   campaign-spawning-fake-microsoft-sharepoint-logins   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426