Severe "Phishing" Attack Tricks Users Into Giving Up Credentials

SUBTITLE: Phishing Attack
ACTION: Be Cautious About Email Links

Illegitimate spam messages are not just annoying, they often contain threats to your network security. One particularly dangerous form of these threats is what has become known as "phishing" attack. This involves tricking people into clicking a hyperlink in their email that takes them to what appears to be a legitimate website. Once the user arrives at the fake site they are usually prompted to enter personal information, and then that personal information can be used by the attacker in a variety of bad ways.

Mytech has become aware of a particularly aggressive and dangerous phishing message that has made it through current Anti-Spam solutions and convinces users to enter domain credentials on a false website that looks like their normal Outlook Web Access (OWA). Once the credentials are entered into the site, the attacker is able to take over that company mailbox. Depending on the permissions of that user, this could result in sending thousands of spam messages from a corporate domain or even a loss of data.

Mytech strongly believes in a layered defense approach to security, including an effective anti-spam solution along with a firewall that has a current subscription to security services. But even with these protections in place, there are always new and emerging threats coming into your network. Your final layer of security must be your educated users who should be suspicious of this kind of email. Mytech always recommends exercising extreme caution in clicking hyperlinks contained in email, and being especially cautious of websites that prompt for personal information after you've clicked an email link.

If you have any questions about your current anti-spam solution or about how to secure your network against Phishing and other common attacks, please contact Mytech Partners at 612-659-9800.