Threat Alert: Phishing Attacks Abuse Proofpoint Branding

• Cybercriminals have launched a series of phishing attacks abusing Proofpoint branding in the lures. 
• The phishing lures claim to come from Proofpoint; however, the email sending address does not belong to the Proofpoint domain. 
• The lures claim a recipient’s email inbox is almost out of space and that recipients need to log into their Proofpoint account and add more space. The lures claim failure to add space could lead to the inbox being closed.  
• Clicking on the URL leads to a lookalike Proofpoint login page that steals user’s credentials.  

Key Actions (at Work and at Home)

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.   
• Beware of strong appeals to emotion. Cybercriminals look for ways to increase pressure on recipients of phishing emails. Threats of closing an email inbox are intended to increase the chances of interaction with malicious attachments or URLs.  
• Remain alert to phishing indicators. Mismatches between an email’s sending address and the alleged sender should be treated as an immediate red flag.  
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.