Original Phishing Message

NOTE: If you received this message, please delete it as it is NOT legitimate and do not click the link. If you entered credentials on the linked webpage, please contact the Service Desk immediately as your credentials are likely compromised.

Tips for Detection

• Note the caution banner prepended to the message. Emails that match patterns of other phishing attempts will have this maroon banner.
• Always hover over links before clicking them to determine if they lead to trusted sites.
• Use caution when replying, clicking links, or opening attachments when receiving unexpected emails. If you know the individual but the email feels off, reach out to them via an alternate means of contact.

Where did the Link Lead?

The link led to a phishing site l5z55k[.]axshare[.]com designed to appear like a document sharing page.

When attempting to view the PDF, it would prompt you for credentials impersonating the Microsoft login page.

Text of Phishing Message

From: michael[@]osstherapy[.]com
Subject: CONTRACTS SETTLEMENTS PLANS

Hello,

Good morning. I hope you are well?

Please review below and kindly get back to me.

CONTRACTS SETTLEMENTS PLANS.PDF [link removed]

Thanks

Michael