Would you recognize criminal activity if it entered your inbox?
We are all inclined to trust what we know, so when you receive an email from a trusted web service such as Microsoft Outlook or DocuSign telling you that you’ve got unread messages, most of us would be unlikely to question its authenticity and instead blindly follow the directions to retrieve them.
However, over the past month we’ve identified a high volume of activity where attackers are doing just that. They’re cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs, trying to entice victims into giving away their credentials.
Criminals are then using these credentials to either commit fraud or to launch targeted spear phishing campaigns within an organization – with an aim to steal the crown jewels.