Tips for Detection

• The email was from jcapcha[@]mef[.]gob[.]pe
• The “To” field was blank
• Email contained multiple grammatical errors
• Email mentions P60s which are tax forms used in the United Kingdom, not the United States
• Technology Services will not ask you to click a link to upgrade your Webmail

Original Phishing Message

Where did the link lead?

The link goes to a fake login page for Outlook Web App. Entering your credentials on this page would lead to attackers having access to your account. Note that even though the site is “https” (has padlock icon) and there is a Captcha prompt, that does not mean the site is legitimate.

Text of Phishing Message

Enviado: lunes, 12 de octubre de 2020 11:03 a.m.
Asunto: office 365 migration user notification

Welcome to the new Webmail for Staff Single Sign-on

Migrate to The new Outlook Web app for Staff is the new home for online self-service and information.

Click on  GATEWAY  and login to:
•                     Access the new staff directory
•                     Access your pay slips and P60s
•                     Update your ID photo
•                     E-mail and Calendar Flexibility
•                     Connect mobile number to e-mail for Voicemail

Everyone is advise to migrate immediately.

Please note that if this message is ignored you will experience difficulty in sending and receiving of email messages through our secure Webmail Portal…

Thanks For Your Time
Information Technology Service