Medium
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems but in reality, they are redirected to a fake Outlook login page that steals their credentials. The phishing emails in question, entitled “Re: Microsoft Windows Upgrade,” use the “re” prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade. The email tells recipients, “Your Office Windows computer is Outdated and an Upgrade is scheduled for replacement Today,” and includes a schedule. Below, it then tells users, “To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site,” pointing to a URL. This link then takes the recipient to the phishing landing page.
Credentials theft