Threat Alert: What to Watch For

• Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.  
• Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page. While the page may look legitimate, its URL is not an expected Microsoft domain. 
• A phishing server will intercept any entered credentials, including multi-factor authentication (MFA) tokens, allowing attackers to take over targeted Microsoft accounts. 

Key Action: Report Suspicious Emails

• Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
• Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
• If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
• If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.  
• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message claiming to be from a platform you use at work, don’t ignore it—report it.
• Remain alert to phishing indicators. Inconsistencies, such as a purported Microsoft login page using a non-Microsoft domain, should always be taken as a phishing warning sign.