TZUTC: -0500
MSGID: 1037.consprcy@1:2320/105 2c67a87b
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Popular AI program spoofed in phishing campaign spawning fake Microsoft
Sharepoint logins

Date:
Thu, 17 Apr 2025 13:02:00 +0000

Description:
Crooks were seen using Gamma in their phishing attack chain, researchers say.

FULL STORY

Gamma, a relatively new AI-powered presentation software tool, is being 
abused in hyper-convincing phishing attacks that impersonate Microsofts
SharePoint and aim to steal peoples login credentials. 

Cybersecurity researchers Abnormal spotted the attacks in the wild, and
described the phishing flow as so polished it feels legitimate at every step. 

The attack starts with a generic, quick-to-the-point phishing email being 
sent from a legitimate, but compromised, email account. This helps the crooks
bypass standard authentication checks like SPF, DKIM, and DMARC and land the
email directly into the targets inbox. 

The email itself is nothing out of the ordinary, and carries a PDF attachment
that, in reality, is just a hyperlink, leading to a presentation hosted on
Gamma, an AI-powered online presentation builder. 

The presentation features the impersonated organizations logo and a message 
in the lines of View PDF or Review Secure Documents. 

The message is in the form of a hyperlink that leads to an intermediary 
splash page holding impersonated Microsoft branding and a Cloudflare
Turnstile. That way, crooks make sure that actual humans, not basic automated
security tools, access the site. 

If the victim clicks on the call-to-action, they are taken to a phishing page
that impersonates the Microsoft SharePoint sign-in portal. 

This is where the actual theft happens, since the victims are then invited to
log in using their Microsoft credentials. 

Typing in the wrong credentials returns an error, prompting the researchers 
to conclude that the attackers have some sort of adversary-in-the-middle 
setup that helps them verify the credentials in real-time. 

Abnormal says the attack is unique mostly because Gamma is a relative 
newcomer on the scene, only being around for a few years. 

Organizations are becoming increasingly familiar with file-sharing phishing
attacks in general, and some may have even begun incorporating examples into
their security awareness training. That being said, its highly likely that 
the percentage of companies that have updated their cybersecurity education 
to include this type of phishing is lowand the number that use examples of
attacks other than those exploiting household brands like Docusign and 
Dropbox is even lower, the researchers said. 

Thus, this kind of attack may not set off alarm bells that encourage a higher
level of scrutiny from employees the way an attack that exploits Canva or
Google Drive might.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/popular-ai-program-spoofed-in-phishing-
campaign-spawning-fake-microsoft-sharepoint-logins

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426