An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using them as the theme for a phishing attack that tries to collect Microsoft login credentials.
With the rising escalations between the United States and Iran, the U.S. government has been issuing warnings about possible cyberattacks by Iran and potential attacks on critical U.S. infrastructure.
To take advantage of this increased tension, an attacker has created a phishing scam that pretends to be from ‘Microsoft MSA’ and has an email subject of ‘Email users hit by Iran cyber-attack’ warning that Microsoft’s servers were hit by a cyberattack from Iran.
The phishing email goes on to say that in response to this attack, Microsoft was forced to protect its users by locking their email and data on Microsoft’s servers. To regain full access to this locked data, the phishing email says that the recipient must log in again.
The scam has managed to bypass Outlook’s spam filters and arrive in the service’s inbox, and if a user enters their login credentials, they will likely be stolen by the attackers and used for other attacks. These attacks could include targeted phishing scams, credential stuffing attacks, or even data theft.
This inordinate number of steps that seem obviously out of the norm is what should be raising red flags in the user’s mind. It’s only through Security Awareness Training that users begin to understand that, should they encounter a scam that feels as awkward as this, it should be treated as suspicious and further contact with it should be avoided.
With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/