This content is viewable by Everyone
Sep 2023: Credential Phishing Lure Imitates SharePoint and Financial Institution
Threat Alert: Lure Spoofs SharePoint and Financial Institution
- Cybercriminals have launched a series of phishing attacks imitating a financial institution. The lures use an alleged credit card transaction dispute as a theme.
- While the emails claim to come from a financial institution, the email sending address does not match the email domain of the spoofed financial organization.
- The lures contain a malicious link leading to a lookalike login page for a financial institution as well as a malicious HTML attachment leading to a lookalike login page for Microsoft SharePoint.
Key Actions (at Work and at Home)
- Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
- Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
- Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link, download an attachment, or to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message, don’t ignore it—report it.
- Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.