Threat Alert: What to Watch For

• Cybercriminals have launched a series of phishing attacks using an emailed fax of an alleged paycheck as a lure. The phishing emails spread a malicious HTML attachment.
• Opening the attachment leads to a lookalike Adobe login page, which is designed to steal unsuspecting recipients’ email credentials.
• The sending email address for the phishing emails is “fax@” and then the name of the recipient’s organization.

Key Action: Report Suspicious Emails

• Report ANY suspicious emails using the Phish Alarm button in your email menu bar.
• Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above.
• If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part.
• If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it.

Tips to Remember (at Work and at Home)

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it leads you to a login page asking for credentials. Remember, if you notice a subtle change or inconsistency within a message claiming to be from an internal department, don’t ignore it—report it.
• Be extremely cautious of emailed attachments that lead you to an account login page—even if the page looks “right.” It’s always safest to control your own path and log in via known, trusted channels.
• Familiarize yourself with standard payment processes. Communications regarding payments should only ever come from known, organizational email addresses. If in doubt, always double check the legitimacy of a payment email with the finance or HR teams before interacting with a suspicious message.