Threat Alert: ScreenConnect-themed Credential Phishing 

• Cybercriminals have launched a series of phishing attacks impersonating ScreenConnect. 
• Email lures include spoofed headers to give the appearance that the message originated from cloud@screenconnect[.]com and contains a subject line referencing a ScreenConnect login verification code. 
• Within the email body, recipients are prompted to action with a “one-time password” for account login. If clicked, they’ll be redirected to a spoofed ScreenConnect login page with a lookalike domain where they’re directed to enter credentials into a credential harvester. 

Key Actions (At Work and at Home) 

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials. It can be tempting to click on a “call-to-action.” 
• Be cautious of clicking on URLs, particularly in unsolicited emails or if they seem out of character for a known sender. Instead, always navigate to a website directly through a known URL or a trusted bookmark.   
• Remain alert to phishing indicators, such as discrepancies between the header and sender of unsolicited or suspicious emails. 
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.