Security Awareness – Current Phishing Campaign Leverages Fake Outlook Web App

A new phishing scam is using the likeness of Microsoft Outlook Web App to steal credentials. Researchers at Mailguard observed a recent phishing campaign from an unknown group of cyber criminals seeking to gain access to user credentials. The email asks users to ‘validate your account’ by clicking on a nefarious link and entering your password. After clicking the link, victims are directed to a mimicked version of the Outlook Web App login page and asked to provide their username and password. After the victim submits their credentials, the threat actor collects them for later use, and the victim is met with an error saying “The password you entered isn’t correct. Try entering your correct password again.” Outlook Web App users should be aware of the features of this scam. The phish uses the displayed email address of ‘IT_Oprations [at] tech-centre [.] com’ and claims to be from the ‘Accounts’ department. The word ‘operations’ is spelled incorrectly, underscoring the fraudulent intent of the email. Members are encouraged to use this current theme in security awareness reminders. Likewise, this example is another reminder to always use caution when opening emails from outside an organization and to carefully scrutinize the sending email address and any links contained within the message. For more about this current campaign, including an image of the phishing email, visit Mailguard.