A new and effective phishing scam is making its way around the internet, and it’s very likely it will emerge in the New Jersey legal community within the next few weeks.
Hackers are tricking unsuspecting users into believing they have received an encrypted email message that requires them to enter their login and password to access the information. While encrypted communication from trusted sources is an effective way to share sensitive information, this scam only claims to contain an encrypted message, and ultimately results in one or both of the following: infecting the user’s computer with malicious software or stealing their login and password.
Here’s How to Spot It
• An unexpected email will arrive with an alert appearing to be from Office 365 Business or from something resembling your email server. (Look out for subtle or obvious differences.) The alert will claim that your mail server has received an encrypted message.
• It will then instruct you that, in order to view the “encrypted message,” you must use your computer’s login and password or your Office 365 credentials to log in to OneDrive for Business or a similar system like Dropbox or Google Drive.
What You Need to Do to Stay Safe
Don’t click on anything in a suspicious email, and never provide a login and password for anything other than a trusted, proven source on the internet. If you think an email with an encrypted communication might be legitimate, call the sender to verify it.
When possible, instead of clicking a link embedded in an email, access the information by visiting the sender's website. Just open an internet browser and type in the domain name of the source of the information (e.g., pbs.org, njsba.com).