Holiday phishing includes fake Microsoft Office notification
Don’t let the holidays distract you from necessary due diligence when it comes to phishing attempts. The bad guys work like Santa’s elves coming up with new ways to trick unsuspecting victims into giving up sensitive data online. But unlike the elves, these digital criminals don’t stop on Dec. 24.
Lately, phishing attacks are spoofing the popular Microsoft Office 365 by sending what appear to be “new voicemail” email messages. These fake notifications look legit: they include Microsoft or Outlook 365 logos and details about the fake message, such as the caller’s number and the length of the message.
The attackers use two different emails: one includes a fake play button with a link that supposedly takes you to your message, and the other includes an HTML attachment with instructions to open it to access the message.
Clicking on the link or opening the attachment will redirect you to a fake Microsoft Outlook 365 login portal. Enter your credentials here, and they will immediately be stolen, giving the bad guys access to your private information.
Some rules of thumb to protect yourself from these types of attacks:
- Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from a person or an organization that you’re familiar with, the sender’s email address could be spoofed.
- If you’re already logged into your email account, you shouldn’t be prompted to log in again; this is a red flag. Before you enter sensitive information on any page, check the domain name. Make sure that the name of the website you are on is correctly spelled and is not mimicking a well-known brand or company.
- Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
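For readers who screen links for their organization, here is the domain check from the second tip written out as code. This is an added example, not part of the original article; the list of trusted sign-in hosts is an assumption to adjust for your own tenant, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts your organization really uses. Adjust as needed.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
BRAND_WORDS = ("microsoft", "office", "outlook")
# Characters often swapped into lookalike names, mapped back to what they imitate.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def check_login_url(url):
    """Return (verdict, reason) for a URL that shows a Microsoft sign-in page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "not served over https"
    if parts.username is not None:
        # Everything before '@' is ignored by the browser; only the host counts.
        return "suspicious", "text before '@' is not the site; real host is " + host
    if host in TRUSTED_LOGIN_HOSTS:
        # Exact match only: a substring test would accept lookalike hosts.
        return "trusted", "exact match for a known sign-in host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "encoded international name may imitate other letters"
    if any(word in host.translate(LOOKALIKE) for word in BRAND_WORDS):
        return "suspicious", "brand name used in a host that is not a known sign-in host"
    return "unknown", "not a known sign-in host; do not enter credentials"


# Constructed sample URLs (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2",
    "https://login.microsoftonline.com.account-verify.example/",
    "https://login.microsoftonline.com@portal.example/signin",
    "https://login.micros0ft-online.example/",
    "https://voicemail-portal.example/listen",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = check_login_url(sample)
        print(f"{verdict:10} {sample}\n{'':10} {reason}")
```

Only an exact match on the full host name counts as trusted; a page that merely contains the brand name somewhere in its address does not.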
We’re here to help. Visit our fraud and identity-theft page for more information.