SECURITY ALERT – Office365 Phishing Scam

We have seen a recent spike in a new phishing scam that has proven to be quite effective. The primary goal of this scam is to obtain your Office365 user name and password, then email everyone in your address book to gain the same information from them. The aim is to access as many accounts as possible, with the end goal of harvesting any sensitive information that may be in those email accounts.

The phishing expedition happens like this:

  • You receive an email from someone you know with an attachment. (The attachments have recently been PDFs, but the format can be almost anything.)
  • You open the attachment and find this:

  • Once you click the Access Document button you are taken to a website that appears to be Office365.
  • You are prompted to enter your Office365 user name and password, and then nothing happens.
  • At this point the phishing expedition has been successful. You have given them your user name and password.
  • Now they will log into your account and do the following:
    • Create a rule that forwards all your incoming email to a Gmail account they control
    • Send the same phishing email to all of your contacts
    • Create a rule that deletes incoming email, so you never hear from your contacts when they question whether the email you just sent is legitimate
    • Gain full access to every email in your account


To protect yourself from this phishing attempt, always follow these steps:

  1. Most malware is delivered via links and attachments in email. If you receive an unexpected email containing a link or attachment, reach out to the sender by phone or text to verify its authenticity. Do not reply to the email: the attackers control the sender's email account and will reply saying "yes, it is legitimate, please open".
  2. If you believe you have been compromised, log into your Office365 account, change your password, and remove any rules they may have created to forward or delete your mail. If you need assistance, reach out to your help desk.
  3. If you have any doubts about an email whatsoever, delete it or call your help desk.
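For help desk or admin staff handling step 2, the following is an added example (not part of the original alert) that audits one mailbox for the two things this scam leaves behind: forwarding to an outside address and rules that delete incoming mail. It assumes the ExchangeOnlineManagement module and an Exchange admin role; the mailbox address and domain are placeholders.

```powershell
# Added example, not from the original alert: check one mailbox for the
# forwarding and delete rules described above. Requires the
# ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$Mailbox   = 'user@example.com'   # placeholder: the mailbox to check
$OurDomain = 'example.com'        # placeholder: your organisation's mail domain

# 1. Mailbox-level forwarding, which lives outside inbox rules and is easy to miss.
Get-Mailbox -Identity $Mailbox |
    Select-Object PrimarySmtpAddress, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward |
    Format-List

# 2. Inbox rules that forward, redirect or delete messages.
$suspect = Get-InboxRule -Mailbox $Mailbox | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage
}

foreach ($rule in $suspect) {
    # Recipient entries are rendered like: "Name" [SMTP:someone@gmail.com]
    $recipients = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
    $addresses  = foreach ($r in $recipients) {
        if ("$r" -match 'SMTP:([^\]]+)') { $Matches[1] }
    }
    # Anything not in our own domain is an external forwarding target.
    $external = $addresses | Where-Object { $_ -notlike "*@$OurDomain" }

    [pscustomobject]@{
        Rule           = $rule.Name
        Enabled        = $rule.Enabled
        DeletesMail    = [bool]$rule.DeleteMessage
        ExternalTarget = ($external -join ', ')
    }
}

# After confirming a rule is malicious, remove it by name:
#   Remove-InboxRule -Mailbox $Mailbox -Identity '<rule name>'
# To clear mailbox-level forwarding:
#   Set-Mailbox -Identity $Mailbox -ForwardingSmtpAddress $null -ForwardingAddress $null
```

Run the audit again after the password change, since a rule created while the attacker still had a session can survive the reset.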