We’ve seen this one come though a lot lately, and while our tools are getting better at blocking them, you still need to vigilant (like you do with every questionable email) to make sure you don’t fall victim.
In this latest phishing email scam, attackers appear to be using compromised email address books to send legitimate-looking emails from legitimate contacts you may have received emails from before. Inside the email you’ll see a legitimate link to an online document, using reputable third parties like Office 365’s OneNote or OneDrive tools, Evernote, Dropbox or Google Docs (which is why these frequently get past spam filters). Once you click onto the legitimate site, you’re presented with a link to an illegitimate document that is built to compromise your system or your account.
As always, watching out for these types of phishing attacks, especially if they look like you’re coming from somebody you know (a common spearphishing technique). If you have any questions about an email you receive, don’t hesitate to contact us immediately. You can read more of the technical details about this particular scam here.