In one form or another, it seeks to trick an unsuspecting user to innocently hand over sensitive information, like usernames and passwords that the hacker can then use later for any purpose.
The latest variant on this old chestnut is to send what appears to be a legitimate email, politely informing the user that they’ve received a number of confidential emails that are currently being held for them on a server. They’re given the choice to either refuse these messages, accept them, or delete them.
This is a case, however, of all roads leading to the same destination. Whichever linked option is chosen, the user will be routed to a mock-up of a Microsoft Outlook login screen where the user will be prompted to enter his or her credentials. As you might suspect, there are no actual emails, and the only purpose this box serves is to capture the information for later use.
If there’s a silver lining to this attack, it is that all of the samples that have been collected so far have the faux login box hosted on a hacked domain. Careful users will quickly note that they haven’t been taken to Microsoft’s domain and the game will be up.
Unfortunately, ‘careful’ does not describe the vast majority of internet users, and this ploy has already taken in its fair share of victims.
Make sure your IT staff is aware of this latest iteration in the ongoing evolution of the phishing email. It wouldn’t hurt to send a company-wide communication to all employees so that it’s at the forefront of everyone’s minds. It only takes one person to slip up and a hacker could gain access to your company’s network. That’s never a good thing.