Threat Alert: Christmas-Themed Lures Steal User Credentials 

• Cybercriminals have launched a series of phishing attacks using an allegedly upcoming Christmas party as a theme. 
• The phishing lures contain an HTML attachment that allegedly contains details relevant to the party. 
• Opening the attachment leads to a lookalike Microsoft Outlook login page that steals any entered credentials. 

Key Actions (at Work and at Home) 

• Remember that cybercriminals commonly leverage current events in phishing attacks. Annual events like the holiday season give cybercriminals time to prepare potentially convincing lures.    
• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to a login page where you must enter your user credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message, don’t ignore it—report it.  
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.