Threat Alert: Proofpoint-Themed Lures Steal User Credentials

• A series of phishing emails is abusing the Proofpoint brand.
• The email sender is “Proof Point” with the inclusion of accents over certain letters, likely to bypass detection.
• The phishing lures allege to be a Proofpoint security notification, and they encourage recipients to open an attached .eml file
• Opening the attachment ultimately leads to a purported Proofpoint login page. Entering credentials into the page leads to credential theft.

Key Action: Report Suspicious Emails 

• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs as are misspellings of an organization’s name.
• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well- known organizations.
• Remember cybercriminals take advantage of strong emotions. A warning from a security provider can be nerve-wracking. Keep in mind cybercriminals seek to capitalize on moments of anxiety and the difficulty in thinking clearly in such situations.
• Report ANY suspicious emails using the Phish Alarm button.