Phishing Attack Uses a Fake Meeting Request to Steal Passwords

Phishing Attack Uses a Fake Meeting Request to Steal Passwords

Phishing email messages are going around in an attempt to steal valuable login credentials from company officials. In the latest phishing scheme, GreatHorn security researchers discovered that hackers are using a subject line that uses a recognizable company name and a brief note to reschedule a board meeting with the intention of tricking victims into clicking on the email’s link.

Once a user clicks on the link, they are directed to a phishing site that takes on the appearance of a Microsoft Outlook login page for an Office 365 account. The victim is prompted to input his/her login credentials that ends up in the attackers’ possession.

The phishing email takes on a slightly different appearance on mobile devices, as the attacker’s display name changes to “Note to Self”.

GreatHorn reported that its firm’s customers were among those targeted by the phishing scheme. Such attacks like these would prove to be catastrophic for high level industry professionals, as attackers would be able to use any acquired sensitive data to their advantage.

The URL used for this malicious attack is still circulating through sent emails and remains an active link.

Users are encouraged to be on the lookout for any emails with a subject line stating: “New Message: [Company Name] February in-person Board Mtg scheduling (2/24/19 update)”. If you receive such an email, mark it as spam and delete it immediately.

Try Us

Free Trial    Watch Demo

 

For a hassle free 30 day trial, click the "Free Trial" button, download and deploy a copy of the appliance. No Credit Card required.