Threat Alert: Lure Spoofs SharePoint and Financial Institution

• Cybercriminals have launched a series of phishing attacks imitating a financial institution. The lures use an alleged credit card transaction dispute as a theme. 
• While the emails claim to come from a financial institution, the email sending address does not match the email domain of the spoofed financial organization.
• The lures contain a malicious link leading to a lookalike login page for a financial institution as well as a malicious HTML attachment leading to a lookalike login page for Microsoft SharePoint. 

Key Actions (at Work and at Home)

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link, download an attachment, or to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message, don’t ignore it—report it.   
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.