Phishing Email Scam asks you to login to read encrypted message

January 21, 2020
phishing email scam

Summary 

New phishing campaign is in circulation requiring users to login to a fraudulent OneDrive site in order to unveil an encrypted message. 

 

Analysis 

  • A believed to be phishing emails with subject similar to ‘Encrypted Message Received’ and includes a link stating ‘View Encrypted Email’. 
  • Message link will divert the user to a fake OneDrive for Business page. 
  • Baited phishing message cause users to click on the “Open” button to view the message. 
  • Once click, OneDrive login page requiring users to input their credentials. 
  • As soon as users log in, their harvested credentials are saved for the attacker malicious purpose. 

 

Recommendation 

  • Keep informed about the latest Phishing trend– New phishing scams sprung by the minute. Without staying on top of these latest phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams.  
  • Verify site’s security– It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar.  
  • Verify your user accounts online periodically– Get into the habit of changing your passwords regularly too. To prevent bank phishing and credit card phishing scams, you should personally check your statements in a regular basis. 
  • Use perimeter protection– High-quality firewalls act as buffers between you, your computer and outside attackers. You should use two different kinds: Software and a physical appliance 
  • Never fall on account verification thru sms or email– As a rule of thumb never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required. 
  • Have a latest and reliable AV software– There are number of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Latest virus definitions should be enough to keep you updated. Anti-spyware and firewall settings should be used to prevent phishing attacks and users should update the programs regularly. 
About the author

Leave a Reply