Spam Warning - New Order.11405
We have been seeing this email today which does have quite a good fake Office 365 document download page.
There is a spate of these emails now that are just trying to get your Office365 password - you will never have to type your Office365 password in to another site - in fact your browser will usually remember your password for the correct sites ans so you should never have to type it in again at all. If you have typed your Office365 password into a site to recover a document that turned out to be missing, you should log into office.com and change your password now.
Let's have a quick look at this spam email so that everyone can be sure they have not had their password misappropriated in any way:
From: Solis, Christian <[email protected]>
Sent: Thursday, June 28, 2018 3:03 AM
Subject: New Order.11405
Attachments: New Order.11405.htm
Good Day,
Here with enclosed PO and its for your kind references
please, take a look and see if there is any corrections or additional information required. any question feel free to contact me.
Regards,
Christian Solis
"Clean and Clear"
1 Loop Road, Rear Bldg-2nd Floor
White Plains, NY 10604
T: 914-964-9473 C: 845-954-0943
Email: christian.solis@wfs.aero
Ce message et ses pièces jointes, adressés nommément, sont confidentiels, couverts et protégés par le secret des correspondances prévu et sanctionné par l article 226-15 du Code pénal. Si vous n'êtes pas le destinataire de ce message et/ou des documents qui y sont joints, nous vous remercions de bien vouloir le détruire et en informer sans délai son expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion, toute publication et/ou toute divulgation du contenu de ce message sont formellement interdites, sauf autorisation préalable écrite.
This email and its attachments may contain confidential information and is for the sole use of the intended recipient(s). If you believe that you have received this email in error, please notify the sender immediately and delete it from your system. Any unauthorized use or disclosure of this email is strictly prohibited.
So the email itself appears harmless, but the issue is with the attached HTM file.
Upon opening the HTM files (do not do this at home) we see the following:
The website is obviously trying to get your email password by pretending to be Office365 or your own intranet, but as the micocinavegetariana.com domain in teh address bar shows, this site has nothing to do with your company and is simply trying to steal information.
If you enter any email and password then that information will be received by the phishing data thieves, so beware.
No matter what you enter, you are presented with:
