A new phishing campaign is underway that pretends to be an alert from your email server that it has received an encrypted message for you. It then prompts you to login to a fake OneDrive site in order to read the message.
As phishing campaigns are getting easier to spot, scammers are coming up with new and more interesting ideas to trick people into entering their email credentials.
An example of this is a new campaign that uses the subject line of “Encrypted Message Received” and pretends to be a notice from your mail server stating that you need to login to read an encrypted message.
The text of this phishing scam can be read below.
domain.com Encrypted Message Received : You have received and encrypted email from : domain.com View Encrypted Email domain.com Admin copyright 2019
When a recipient clicks on the “View Encrypted Email ” they will be brought to a fake OneDrive for Business page that prompts you to click an Open button view the message.
When clicking this button you are brought to another page that pretends to be a OneDrive login form that asks you to login with your “professional email login”. Once you enter your email login credentials, the attackers will be able to retrieve it later
As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. In this particular case, the URLs are not associated with a user’s email account and thus should be treated with suspicion and be avoided.
If there is any doubt, always ask your system administrators.