CYBERSECURITY IMPORTANT ADVISORY
Wednesday March 2, 2022
The cybersecurity incidents are coming fast and furious, folks.
The conflict between Russia and Ukraine has produced the busiest and riskiest cybersecurity environment I have ever seen.
There is a new notice out today that I want to make everyone aware of related to the work we’ve been doing to block traffic from Russia, Ukraine, and Belarus to and from your networks.
This is a PHISHING email that is designed to look like it’s coming from Microsoft to alert you that there has been a login to your account from Russia.
Here is what to look for:
Subject: Microsoft account unusual sign-in activity
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account
IP address: XXX.XXX.XXXX
Date: Sat, 26 Feb 2022 02:31:23 +0100
Platform: Kali Linux
A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.
Report the user
The Microsoft account team
DO NOT CLICK ON ANYTHING IN THIS EMAIL!
Here are the details:
The mail provides a button to “report the user”, and an unsubscribe option.
Should the recipient click the button, they’re not forwarded to a report page.
Instead, it’s a mailto: URI, which opens a fresh email with a pre-filled message to be sent to a specific email account.
People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page.
It’s also entirely possible the scammers will keep everything exclusively to communication via email.
Either way, people are at risk of losing control of their accounts to the phishers.
The best thing to do is to delete the email without replying.
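For teams that triage reported messages, the check below flags the trait described above: a link or button that opens a pre-filled mailto: draft instead of a web page. It is an added example, not part of the original advisory or any vendor's code; the function name, the sample HTML and the address reports@phish.example are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


class MailtoLinkFinder(HTMLParser):
    """Collect every <a href="mailto:..."> together with its visible text."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("mailto:"):
            parts = urlsplit(href)
            query = parse_qs(parts.query)
            self._current = {
                "text": "",
                "recipient": parts.path,
                # A pre-filled subject or body means the sender scripted the reply.
                "prefilled": sorted(k.lower() for k in query
                                    if k.lower() in ("subject", "body")),
            }

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self._current["text"] = self._current["text"].strip()
            self.findings.append(self._current)
            self._current = None


def find_mailto_actions(html_body):
    """Return one finding per mailto: link in an HTML email body."""
    finder = MailtoLinkFinder()
    finder.feed(html_body)
    return finder.findings


# Constructed sample modelled on the message above; the address is a placeholder.
SAMPLE_HTML = """
<a href="mailto:reports@phish.example?subject=Report%20the%20user&amp;body=Please%20review">Report the user</a>
<a href="https://account.example/help">Help</a>
"""

if __name__ == "__main__":
    for hit in find_mailto_actions(SAMPLE_HTML):
        print(hit)
```

A finding whose visible text reads like an account action ("Report the user") while its target is a mailto: address with a pre-filled subject or body is a strong reason to quarantine the message.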
***** If you leverage our Ironscales platform, we are working with them to report on and block these phishing attempts. *****
I encourage you and everyone in your company to be extra diligent about what they click on.
The number of malicious links spreading around the internet is ramping up quickly.
BE SUSPICIOUS of everything.
Encourage your teams to send us a support ticket to firstname.lastname@example.org if they see any of these emails or websites.
DO NOT forward these emails to us unless we specifically ask you to do so.
President – Continuous Networks