Outlook “mail issues” phishing – don’t fall for this scam!

[CyberPanther]

Content source

https://nakedsecurity.sophos.com/2020/08/21/outlook-mail-issues-phishing-dont-fall-for-this-scam/

Here’s a phish that our own security team received themselves.

Apart from some slightly clumsy wording (but when was the last time you received an email about a technical matter that was plainly written in perfect English?) and a tiny error of grammar, we thought it was surprisingly believable and worth writing up on that account, to remind you how modern phishers are presenting themselves.

Out are the implied threats, the exclamation points (!!!) and the money ($$$) you might lose if you don’t act right now; in are the happy and unexceptionable “here’s a problem that you can fix all by yourself without waiting for IT to help you” messages of a sort that many companies are using these days to reduce support queuing times.

Yes, you ought to be suspicious of emails like this. No, you shouldn’t click through even out of interest. No, should never enter your email password in circumstances like this.

But the low-key style of this particular scam caught our eye, making it the sort of message that even a well-informed user might fall for, especially at the end of a busy day, or at the very start of the day after.

 

[Cortex]

I've found that for example PayPal scam mails are getting better all the time, of course checking the URL shows they are scam quite a few in UK are still getting caught, PayPal are usually pretty good but we have to beware.

 

[TairikuOkami]

One of the advantages of a password manager, it will not offer you to auto-fill on a fake webpage! That would be a pretty big red flag for me.

 

[oldschool]

it will not offer you to auto-fill

Always keep this option "Off" in any browser.

 

[TairikuOkami]

Always keep this option "Off" in any browser.

Yes. Good password managers require an user to click to autofill, automatic autofill could be used by malware/fake extensions to steal data.

 

[ErzCrz]

Always keep this option "Off" in any browser.

Good idea. I generally just use Edge Chromium built-in for password management but trying to shift that over to KeepassXC which I use as well. Re-connecting to database with Keepass is a bit tedious as it links with desktop one but just trying to have something reliable with TOTP capability for two-factor authentication. Hmm, time to do some research on good free options though KPXC is fairly good Hmm, food for thought anyway. I should take a leaf out of @oldschool book and disable auto-fill.

 

[oldschool]

I should take a leaf out of @oldschool book and disable auto-fill.

In Edge it's "Sign in automatically" > Off.

BTW, I only keep a couple of passwords, e.g. MT in the browser. "Little Black Book" has the rest.

This site has some good info on creating passwords, which is one way to make remembering them much easier.

GRC's | Password Haystacks: How Well Hidden is Your Needle?

Password Haystacks: How Well Hidden is Your Needle?

www.grc.com

 

[Divine_Barakah]

Yes. Good password managers require an user to click to autofill, automatic autofill could be used by malware/fake extensions to steal data.

A good password manager will check the link before autofilling credentials.