Microsoft is Tracking Another Email Phishing Campaign

Microsoft recently announced a widespread phishing campaign that exploits URL redirector links in an attempt to phish user credentials.  According to the notice:

Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking. Doing so leads to a series of redirections—including a CAPTCHA verification page that adds a sense of legitimacy and attempts to evade some automated analysis systems—before taking the user to a fake sign-in page. This ultimately leads to credential compromise, which opens the user and their organization to other attacks.

The best way to protect against this and other forms of email phishing? Verify, verify, verify. If you receive an email with an attachment or link that you did not expect, even if it appears to be from a legitimate and familiar person, organization, or vendor, it is wise to contact them directly to confirm that they did, indeed, send the link or attachment prior to opening. A phone call is often the best bet, in case the person’s email account has been compromised.

KnowB4 offers some additional guidance. MMRMA offers Risk Avoidance Program (RAP) grants to members help pay for training and other cybersecurity measures. Go here to access grant guidelines and applications. Contact Membership Services for additional risk control assistance.