When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages. Unfortunately, cybercriminals are taking advantage of these trusted brands to convince you to log in to fake website portals and give up your login credentials.
In this Threat Spotlight, we will examine how attackers are cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs to entice victims into giving away their credentials to these services. Criminals then use these credentials to either commit fraud or to launch targeted spear phishing campaigns within an organization to steal the crown jewels.
Highlighted Threat: Phishing attack by impersonation of popular web services