The FBI Cyber Division has recently released a warning regarding phishing emails that attempt to harvest users' credentials by presenting fake login pages for Office 365 and other online accounts. As always, be cautious about any link you click in an email, text message, or social media post. If you're not sure whether a link is legitimate, here are a few tips to help you check it:
- Is the email from a known sender?
- Are you expecting to receive an attachment from this sender?
- Is the message free of red flags such as misspellings, odd phrasing, or off-topic questions?
- Hover over the link with your mouse; does the hover text match the link?
If you answered no to any of the above, you should not click the link without more information. Try contacting your IT department by phone to ask whether the link is valid, especially if the page is asking for a username or password. Here is some more information from the FBI on this specific campaign.
Cybercriminal and advanced persistent threat (APT) groups are leveraging COVID-19 themed health, informational, and warning notice emails in an attempt to obtain online service credentials, e.g., Microsoft O365 accounts. These emails direct targets to click links by purporting to be online services requiring authentication. Malicious actors use these links to capture victim credentials and then redirect victims to the World Health Organization’s (WHO) Coronavirus notice. Additionally, cybercriminals and APT groups have attached archive files that contain malicious portable executables (PE) or JAVA.jar files to their phishing emails.
FBI Flash Alert, May 4, 2020
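The two tells described above, a link whose visible text does not match where it actually points and an archive attachment carrying an executable or .jar file, are both things an email gateway or a help desk script can check mechanically. The script below is an added example written for this post; it is not FBI or Sierra Computer Group code. It builds a constructed sample message of the same shape (the sender, subject, the `example.net`/`example.invalid` domains and the zip contents are all made up for the demo), then flags anchor text that names one domain while the `href` targets another, and zip attachments whose members end in `.exe`, `.dll`, `.scr` or `.jar`. The domain comparison keeps only the last two labels, which is a simplification that mis-handles suffixes such as `.co.uk`.

```python
"""Flag two phishing tells in a raw email: display-text/href domain mismatch
and archive attachments that carry executables (PE files or .jar files).
Added example for this post; constructed sample data, not a real campaign."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as executable content inside an archive (PE types and Java).
RISKY_EXTENSIONS = (".exe", ".dll", ".scr", ".jar")

# Visible link text that itself looks like a URL or bare domain.
_LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two DNS labels, lower-cased. Simplified: ignores multi-label suffixes."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def mismatched_links(html):
    """Return (shown_text, href) for links whose visible text names another domain."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not href or not _LOOKS_LIKE_URL.match(text):
            continue  # plain-English anchor text cannot be compared to a domain
        target = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if shown and target and registered_domain(shown) != registered_domain(target):
            findings.append((text, href))
    return findings


def risky_attachments(msg):
    """Return (attachment name, member name) for zip attachments holding executables."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(RISKY_EXTENSIONS):
                    findings.append((name, member))
    return findings


def scan_email(raw_bytes):
    """Parse a raw RFC 5322 message and return both kinds of finding."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    return {"links": mismatched_links(html), "attachments": risky_attachments(msg)}


def build_sample():
    """Constructed sample message of the campaign's shape; every value is made up."""
    msg = EmailMessage()
    msg["From"] = "Health Alerts <alerts@example.invalid>"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "COVID-19 notice: action required"
    msg.set_content("Please view this message in an HTML-capable client.")
    msg.add_alternative(
        '<p>Review the notice at <a href="http://login-o365.example.net/auth">'
        "login.microsoftonline.com</a>. "
        'Reference: <a href="https://www.who.int/">www.who.int</a>.</p>',
        subtype="html",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.pdf.exe", b"MZ placeholder, not a real executable")
        zf.writestr("readme.txt", b"constructed sample")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="COVID19_notice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for kind, hits in scan_email(build_sample()).items():
        print(kind, hits)
```

Running the script reports the spoofed Office 365 link (text says `login.microsoftonline.com`, target is `example.net`) and the `.exe` inside the zip, while the WHO link passes because its text and target agree. On real mail the same functions can be pointed at a saved `.eml` file read in binary mode.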
Sierra Computer Group recommends that all employees go through regular cybersecurity training to help mitigate the risk of phishing campaigns like these. The first line of defense is the user! Other precautions should include proper antivirus/antimalware software, business-grade email with spam and malware filtering, two-factor authentication, and, of course, good backups.