Phishing Scam Asks You to Login to Read Encrypted Message

[steven36]

A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message.

 

 

As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into entering their email credentials.

 

An example of this is a new campaign that uses the subject line of "Encrypted Message Received" and pretends to be a notice from your mail server stating that you need to login to read an encrypted message.

 

Office 365 Phishing Email

 

The text of this phishing scam can be read below.

domain.com
Encrypted Message Received :
You have received and encrypted email from : domain.com
              View Encrypted Email                      
 
domain.com Admin
copyright 2019

 

When a recipient clicks on the "View Encrypted Email " they will be brought to a fake OneDrive for Business page that prompts you to click an Open button view the message.

 

Phishing Scam Landing Page

 

 

When clicking this button you are brought to another page that pretends to be a OneDrive login form that asks you to login with your "professional email login".  Once you enter your email login credentials, the attackers will be able to retrieve it later.

 

Email Account Phishing Page

 

 

As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. In this particular case, the URLs are not associated with a user's email account and thus should be treated with suspicion and be avoided.

 

If there is any doubt, always ask your system administrators.

 

Thx to Michael Gillespie for the sample.

 

Source