CyberSecurityBoard
Sponsor Register Login

New Phishing Attack via OneDrive Targeting C-Level Employees

A new sophisticated phishing campaign has been identified targeting C-level executives through malicious OneDrive links. This attack leverages the trust and familiarity executives have with cloud storage services to deliver credential-stealing payloads. The phishing emails are crafted with high precision, often impersonating legitimate business communications to bypass traditional email security filters. The attackers use OneDrive links to host malicious documents that, when opened, prompt victims to enter their login credentials on fake authentication pages. This method not only increases the likelihood of successful credential theft but also complicates detection due to the use of a reputable cloud service. Security experts recommend heightened vigilance among executives and the implementation of multi-factor authentication (MFA) to mitigate the risk. Organizations should also enhance their email filtering systems and conduct regular phishing awareness training to help employees recognize and report suspicious emails. This campaign highlights the evolving tactics of cybercriminals who exploit trusted platforms and target high-value individuals within organizations. Continuous monitoring and rapid incident response are crucial to defend against such targeted phishing attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 02 Sep 2025 19:50:12 +0000


Cyber News related to New Phishing Attack via OneDrive Targeting C-Level Employees

10 Best Anti-Phishing Tools in 2025 - What is Good?What Could Be Better?Real-time email threat detection and response using AI and machine learning.Limited customer support optionsAutomates incident response to stop phishing attacks quickly.The training module is not entirely ...
1 month ago Cybersecuritynews.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Microsoft 365 apps will prompt users to back up files in OneDrive - "If your organization still has users who are not enrolled in KFM, the message ("BACK UP THIS DOCUMENT: Share and work with others in this and other files using OneDrive") will encourage them to do it while using familiar desktop apps," Microsoft ...
5 months ago Bleepingcomputer.com
The Human Firewall: Strengthening the Weakest Link in Cybersecurity - With new technology and changed business operations comes exposure to new cyber risks, prompting companies to prioritize and invest in stronger cybersecurity measures. A joint study by Stanford University Professor Jeff Hancock and security firm ...
1 year ago Cyberdefensemagazine.com
New Phishing Attack via OneDrive Targeting C-Level Employees - A new sophisticated phishing campaign has been identified targeting C-level executives through malicious OneDrive links. This attack leverages the trust and familiarity executives have with cloud storage services to deliver credential-stealing ...
11 hours ago Cybersecuritynews.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
4 months ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
4 months ago Cybersecuritynews.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
1 year ago Hackread.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel - Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel as the current conflict between the two continues despite a current pause in the fighting. An ...
1 year ago Darkreading.com
Why Phishing Remains the #1 Cyber Threat and How to Stop It - Unlike many cyber threats that rely solely on technical vulnerabilities, phishing exploits natural human tendencies such as trust, urgency, and curiosity. Additionally, adopting zero-trust security frameworks, which require continuous verification of ...
4 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
4 months ago Cybersecuritynews.com
15% of office workers use unsanctioned GenAI tools - Help Net Security - Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. When employees have unfettered access to ...
11 months ago Helpnetsecurity.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
Definition from TechTarget - BYOD is a policy that enables employees in an organization to use their personally owned devices for work-related activities. Smartphones are the most common mobile device an employee might take to work, but they also take their own tablets, laptops ...
1 year ago Techtarget.com
LinkedIn Tests Generative AI to Field Cybersecurity Questions From Employees and Suppliers - LinkedIn is testing how generative artificial intelligence could help employees and external suppliers get answers about cybersecurity policies within seconds, potentially cutting wait times for business deals or decisions to implement new tools. ...
1 year ago Wsj.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials - Security analysts note that these toll scam campaigns achieve approximately 5% success rates – substantially higher than traditional email phishing attacks – demonstrating the effectiveness of this multi-stage approach that combines SMS messaging ...
4 months ago Cybersecuritynews.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)