Threat Alert: CREDENTIAL PHISHING Attacks Use Microsoft Voicemail Lure

• A series of phishing attacks are focused on stealing Microsoft credentials.
• The phishing lures abuse Microsoft branding and claim the recipient has a voicemail.
• The lures encourage recipients to follow a link that leads to a Microsoft-branded page, which contains another link that asks the user to verify their identity.
• Following this link leads to a CAPTCHA- protected login page personalized to the recipient.
• Entering credentials into the page leads to credential theft.

Key Action: Report Suspicious Emails 

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials.
• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well- known organizations
• Report ANY suspicious emails using the Phish Alarm button.