Cybersecurity Alert - Phishing Email that Attempts to Steal Microsoft Outlook Credentials in Wide Circulation

June 7, 2016

Threat Summary

A phishing email with the subject line "Information Services from Helpdesk" is in wide circulation. The email claims to be from "Help Desk" and contains a PDF attachment that links to a fake Microsoft® Outlook® Web App site that steals your Outlook credentials.

This particular email is likely to bypass spam filters because it appears to be generated by legitimate users who are infected with malware that is sending this spam. The sender servers appear legitimate and reputable to spam filters.

Example of the PDF attachment:

Site that opens when you click "click here" in the PDF attachment:

ACA Aponix Guidance

ACA Aponix recommends taking the following steps to prevent this attack:

  • Block the subject line "Information Services from Helpdesk" in your spam filters;
  • Disable external access to Outlook Web Access, or, at a minimum, enforce two-factor authentication to log in; and
  • Warn your employees about this attack and how to prevent it.

Please reach out to us if you have any questions: