Threat Alert: Phishing Lures Harvesting Credit Card Data 

• Cybercriminals have launched multiple phishing attacks focused on credit card information theft. 
• These phishing lures appear to come from various known brands using themes like package delivery notifications or surprise rewards or gifts. 
• The lures ask recipients to provide payment card information to cover the cost of shipping for the reward. 
• The phishing emails come from a variety of sending email addresses; however, they all use an @onmicrosoft[.]com sending address. 

Key Actions (at Work and at Home) 

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.    
• Beware of “too good to be true” offers. Many contests and giveaways are legitimate. But if you are asked to provide sensitive information—like credit card numbers to cover shipping costs—it’s almost certainly a scam.     
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.