Box File Sharing Phishing Campaign

The NJCCIC continues to observe phishing campaigns associated with cloud-based file sharing services such as SharePoint, OneDrive, and most recently, Box. Box is a trusted file sharing platform used by 95,000 companies across various industries. The phishing email appears to be from a known or otherwise legitimate user and contains an embedded URL that redirects a potential victim to a fraudulent Box login page. The initial embedded link is not malicious, allowing this activity to bypass security devices. The malicious site is hosted on a compromised server with the intent of harvesting account credentials. The spoofed login page may look very similar to the legitimate site; however, it appears to be an older version. As cloud-based file sharing services increase in popularity amongst businesses, threat actors will continue to simulate these sites for nefarious purposes. The NJCCIC recommends users remain vigilant and follow basic cybersecurity best practices. We strongly encourage educating users about this and similar threats and reminding them to avoid clicking on links or opening attachments delivered with unexpected or unsolicited emails, including those from known senders. If the user is uncertain of the email’s legitimacy, contact the sender via an alternate method. If credential compromise is suspected, users are advised to change credentials across all accounts that used the same login information and enable multi-factor authentication where available.