We are due for another AlertCon Security Awareness, right on time I just received another phishing email today.
This is a sample phishing email.
From: +1 265 *** ****
Voice Notification <FROM
a bogus email address >
Sent: Friday, April 5, 2019 10:43 AM
Subject: Voice Note has been received Friday April 5 2019.
+1 (265) *** **** SENT YOU A VOICE MESSAGE
[Listen to Voice Message Here]
Sent by Unified Messaging System
This e-mail is confidential and may contain legally privileged information. If you have received it by mistake, please inform us by reply e-mail and then delete it (including any attachments) from your system; you should not copy it or in any other way disclose its content to anyone. E-mail is susceptible to data corruption, interception, unauthorized amendment, tampering, and virus. We do not accept liability for any such actions or the consequences thereof.
The approach is to trick the recipient of the email to click on [Listen to Voice Message Here] link. It will open to a web page with another DOWNLOAD link. And if the user click on the DOWNLOAD link, it will ask you to enter your Office 365 credentials.
The main objective of this phishing email is to get your username and password.
A friendly reminder, always access your Office 365 using the official website e.g. https://Office365.com or your organization website.
Enable the Two-Factor Authentication if you haven’t use it. This will minimize your account being compromised.