Recently we have seen an increase in a few specific email phishing campaigns being reported by our clients, and would like to share these with you and your teams to make sure you know what to look out for!
The first of these is an email that claims to come from Microsoft, saying that you have messages that have been delayed for sending.
The intention here is that you will click through the link and enter your Office 365 credentials to “release the delayed messages”, which will then allow the person emailing you access to your account. It will look like the image above.
Obviously if you receive an email like this, do not click the link.
You’ll notice a couple of key giveaways with this email:
- The from address does not have a Microsoft domain, and
- if you hover over the “Release Delayed Messages” link, this also has no reference to Microsoft.
The second message currently circulating takes advantage of previous credential leaks from websites that have been compromised recently, and claims to have access to your account and machine already.
This is a good example of why you should use different passwords across your accounts, and in this case as long as you aren’t using that password anywhere else you can disregard the email.
If you do have the password mentioned in use elsewhere, make sure you change this as soon as possible.
These emails use scare tactics often saying they have video footage of you from your webcam, or have tracked your internet usage. The content is usually very poorly formatted and will ask for money to keep your information secured.
For more detailed information about this scam, as well as a reporting form, check out this post from cert.govt.nz.
Actions to take
If you receive either of these messages please:
- Don’t engage with the senders or click on any enclosed links,
- Do delete the email from your inbox.
As always of course, feel free to double check with our team by phone or email if you are at all unsure! It’s far better to be overly cautious in this situation than to take a risk by clicking on any unknown links.