The last few weeks there are been an unusually high number of targeted attacks on post secondary institutions. The latest phishing email shows a continuation of the trend.  The email that arrives in your inbox looks innocent enough.

 

 

Innocent enough if you don’t notice the totally wrong email address. For fun, lets pretend that you did indeed ignore the email address and opened the attachment. You are presented with this document.

 

 

Once again the crooks are using a malicious link in a legitimate document to bypass the firewall and antivirus. Clicking the Open button takes you to a compromised website. As our firewall recognizes the malicious URL, I can’t tell you what awaits as the site is being blocked. However, from the email content I assume you will be given a fake login page for Outlook or OneDrive designed to steal your credentials.  This is just a gentle reminder to check the sender’s email address before you click on a link or open and attachment.