Cybercriminals exploited Gamma, an AI-powered presentation platform, to create sophisticated multi-stage phishing attacks that redirected users through legitimate-looking presentations to fake Microsoft SharePoint login pages to steal credentials.
Threat actors have been exploiting Gamma, an AI-powered presentation creation platform, to conduct sophisticated phishing attacks targeting Microsoft credentials. The attacks begin with emails sent from legitimate but compromised email accounts containing links disguised as PDF attachments. When clicked, these links redirect victims to presentations hosted on Gamma's legitimate domain (gamma.app) that feature the target organization's logo and call-to-action buttons labeled 'View PDF' or 'Review Secure Documents.' Clicking these buttons leads to an intermediary page with fraudulent Microsoft branding and a Cloudflare Turnstile bot detection tool. After completing the verification, victims are directed to a convincing fake Microsoft SharePoint login portal designed to harvest their credentials.

Security researchers at Abnormal Security discovered that the attackers use adversary-in-the-middle (AiTM) techniques to validate credentials in real time, displaying 'Incorrect password' errors for wrong credentials and potentially capturing multi-factor authentication tokens. The campaign exploits Gamma's relatively new status as a platform, which makes it less familiar to potential victims and security teams. This represents a 'living-off-trusted-sites' (LOTS) attack that leverages legitimate services to host malicious content and evade traditional security measures.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
Using AI systems to gain a personal advantage over others such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.
Human: Due to a decision or action made by humans
Intentional: Due to an expected outcome from pursuing a goal
Post-deployment: Occurring after the AI model has been trained and deployed
No population impact data reported.