New Phishing Campaign Claims to Require Users to Log In to Access Encrypted Message

A new phishing campaign affecting Office 365 Business users poses as an alert from your email server and claims to be in receipt of an encrypted message. According to the email, the user must log in to OneDrive for Business to view the encrypted message; however, the embedded link sends the user to a fraudulent site. Any credentials entered into the website are sent to the threat actor. A key indicator of the scam is that the user is not prompted for multi-factor authentication (MFA), which should protect Microsoft Business accounts. The NJCCIC highly recommends that users avoid clicking on any links contained in suspicious emails and enable multi-factor authentication where available. To access an account, manually type the URL into the address bar of the browser. For further details, please read the Naked Security article.