Security Tip of the Week – Good Conduct, Bad Phish

Cybercriminals are using fake internal emails with alarming subject lines and PDF attachments to steal Microsoft login credentials.

In this week’s scam, you receive an email that looks like an official message from your organization. The email has an alarming subject line that says, “Reminder: employer opened a non-compliance case log.” It states that a code of conduct review has been opened against you and includes a PDF attachment with a link to select in order to review additional documentation.

But this email is actually a phishing scam! If you select the link in the PDF file, you are instructed to complete a series of security checks, which include entering your email address and verifying that you are not a robot. Finally, you are directed to a login page and asked to sign in to your Microsoft account to access the file. But these “security checks” aren’t real, and the login page is fake. If you type your login information, scammers will steal it!

Tips to Stay Safe

Follow these tips to avoid falling victim to this phishing scam:

  • If you receive an unexpected email about a conduct report or compliance case, do not open any attachments or select any links. Instead, contact your manager or supervisor to see if the email is legitimate.
  • Real internal documents usually don’t require you to go through multiple security checks to access a file. If something seems suspicious, trust your instincts!
  • Be extra cautious if you receive an unexpected email with an attachment, especially if it seems urgent. Remember, scammers often try to trick you into acting without thinking!

Stop. Look. Think. And don’t be fooled.

Tips of the Week Brought to You By Our Partners at KnowBe4

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
