Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. The attackers take advantage of the fact that the domains used by Microsoft’s SharePoint web-based collaborative platform are almost always overlooked by secure email gateways which allow their messages to regularly reach their targets’ inboxes. The emails sent as part of this new phishing campaign are delivered from compromised accounts and will ask the targets to review a legal assessors proposal via an URL embedded within the message.
Source: https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/