How to avoid the phish – even if its a board meeting request from your boss
If you work in an office you know the drill: If you get a meeting request from your boss, you better accept it – and fast. Most people would probably even accept it without checking it out any further.
Now, while it’s definitely not wrong to accept meeting requests without much of a thought you should always be careful if it is more than just another addition to your Outlook calendar: Researchers from GreatHorn identified new phishing messages that seem to be from your boss, but are actually not.
Board Meeting Doodles – is this even a thing?
According to GreatHorn the message is rather easy: It claims to be a Doodle poll for a required upcoming board meeting. To make sure the targeted employees – mostly senior executives – fall for the scam the cybercriminals spoof the mail address and personalize the message of the mail.
Now when employees fall for the mail and click on the link they are not send to a poll as promised but rather to a fake Office 365 page, were they are asked to login in order to proceed. You of course guessed right: It’s a phishing page. So once one enters the requested data, the credentials are being sent to the cybercriminals.
What to do in order to stay safe
Keep an eye out for mails with the headline “New message: [Company Name] February in-person Board Mtg scheduling (2/24/19 update)” – because that’s the one being used right now. Inform your IT security department immediately if you discover it in your inbox. Also don’t click on any links you find in the mail.
There is some more general advice as well of course. Here are a couple of things you can do to avoid these kind of traps and keep safe:
- Make sure you have an Antivirus (for example Avira) on your PC and keep up-to-date with it to ID incoming attacks.
- Use your head when opening mails or attachments and following links.