A phishing scam is targeting Outlook users with fake “Final Notice” meeting invites containing QR codes that lead to credential stealing login pages.
In this week’s scam, you open your Microsoft Outlook calendar and see an unexpected meeting invitation. The meeting is titled “Final Notice: Payroll Acknowledgement Required” and appears to be urgent. If you open the event, you’ll find a PDF attachment with a QR code and instructions to scan the code for more information.
However, the meeting invitation you received was sent by cybercriminals! If you scan the QR code and pass a brief security check, you are directed to what appears to be a Microsoft 365 login page. You are prompted to enter your username and password to access your Outlook account and read further details about the meeting. But this login page is fake, and if you enter your user information, cybercriminals will steal it!
Tips to Stay Safe
Follow these tips to avoid falling victim to this phishing scam:
- If you do see a suspicious meeting appear on your calendar, don’t select any links or open any attachments in the invitation.
- Unusual or alarming meeting invitations should be treated like suspicious emails. Be sure to follow your organization’s policies for reporting them!
- Remember that cybercriminals use urgent-sounding language, such as “Final Notice,” to scare you into acting impulsively. Always stop and think before you take action!
Stop. Look. Think. And don’t be fooled.
Tips of the Week Brought to You By Our Partners at KnowBe4
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
