From time to time, we’ll use this blog to update you on specific security alerts of which you should be aware. This post regards a specific phishing attack that we are seeing with increasing frequency.
This attack occurs when an email is received appearing to be from a known sender, and including an attachment. Attempting to open the attachment results in an immediate prompt for a username and password. Do NOT enter your username and password when opening an email attachment.
A successful attack results in a malware actor having access to email credentials allowing the account to be hijacked. Obviously a bad outcome.
Note that a sender you know would notify you in advance if they were sending you a password protected file, if for no other reason than to advise you of the password. If you are ever in doubt, contact the sender to confirm the validity of their message.
And, as always, if you still have suspicions, contact our support team, firstname.lastname@example.org, before opening the attachment and especially before entering any passwords.