UCSF IT Technology

Cybercriminals have launched phishing attacks leveraging compromised Microsoft Office 365 accounts.The lures include .rpsmg file attachments, as well as embedded URLs hidden behind a “Read the Message” button.   Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.

Cybercriminals have launched a series of phishing attacks imitating a financial institution. The lures use an alleged credit card transaction dispute as a theme.  While the emails claim to come from a financial institution, the email sending address does not match the email domain of the spoofed financial organization.

Cybercriminals have launched a series of phishing attacks using timely tax-themed lures. While the email from field says “Irs notice” and then the name of the organization, the sending address is a Madwire account.The phishing emails contain an HTML attachment allegedly containing delivery details about a tax related USPS letter. Opening the attachment leads to a lookalike Microsoft login page designed to steal credentials.

Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures.  The phishing lures can be customized to have a variety of different appearances or themes.