Article sourced from Abnormal Security. Full article can be found here.
Several phishing campaigns have surfaced, targeting Microsoft Office 365 (O365) in an attempt to steal login credentials. One particular campaign tries to imitate an official notification from Microsoft Outlook in order to steal credentials from the users they are targeting. The email is characterized by a sense of urgency to quickly upgrade O365 within 24 hours to avoid email delays. The message contains an embedded link, that when clicked, leads to a fake Microsoft login page. The login page is made to look convincingly real, but if the user enters their credentials, any information the user provided on that page will be compromised.
If you believe you have received this phishing message, please do the following:
- Do not respond to the message.
- Do not click on any attachments or links.
- Do not call any number listed.
- Do not provide any private information such as username and password.
- Delete the message.
- If you did respond to the email and provide sensitive information, please contact Fordham IT Customer Care ASAP at (718) 817-3999 for instructions on how to manually reset your password.
Please note: Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.
You may also report potential phishing and malicious emails with one click from your Fordham Gmail safely and in real-time with the Cofense Reporter Gmail add-on. You can learn more about Cofense here: https://itsecurity.blog.fordham.edu/2018/10/04/introducing-cofense-reporter/
If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.