Jun 2023: Phishing Attacks Use Compromised Microsoft Office 365 Accounts

Threat Alert: What to Watch For

  • Cybercriminals have launched phishing attacks leveraging compromised Microsoft Office 365 accounts. 
  • The lures include .rpmsg file attachments, as well as embedded URLs hidden behind a “Read the Message” button.
  • Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page. While the page itself is legitimate, the original phishing server will intercept any entered credentials, including multi-factor authentication (MFA) tokens.

Key Action: Report Suspicious Emails

  • Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
  • Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
  • If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
  • If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.  
  • Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link leading to a credential page. It can be tempting to click on a “call-to-action,” especially one that promises to let you read a message.
  • Keep in mind that cybercriminals regularly abuse legitimate services like Microsoft Office 365. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy. If you see an unexpected email linking you to an unknown document, it should be regarded as potentially malicious.