Threat Alert: Password Expiration-Themed Lures Steal Credentials

• A series of phishing emails is using the purported expiration of a webmail password as a lure.
• The email sender is “Email Support”; however, the sending domain appears to be unrelated to the recipient’s organization.
• Recipients are instructed to click a hyperlinked “Keep Existing Password” button if they want to continue using the same password.
• The link leads to a credential harvesting page that is themed to appear like the recipient’s organization. Entering the password into the page leads to credential theft.

Key Action: Report Suspicious Emails 

• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs
• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials.
• Report ANY suspicious emails using the Phish Alarm button.