New reported phising attempt
There has been a recent phishing attempt via email, with a document link coming from a legitimate DocuSign account:
If you see this email with matching subject, please ignore and delete. If you have received it and clicked on the link, please reach out to security via IT Assist ASAP.
We will continue to see these on a daily basis, being more prevalent around this time of year when companies tend to conduct their year end reviews. Please continue to be vigilant by auditing your incoming emails for known contacts, proper email spelling, and scrutinising any attachments included in any emails.
As a reminder, here are essential tips to help you identify and steer clear of phishing emails, especially those involving fake Microsoft 365 login pages:
• Verify the sender's email address: Check the sender's email address carefully, especially if the email claims to be from a customer or another trusted entity. In the Outlook desktop app and Outlook online, you can hover over the sender’s name to see the email address. Look for any misspellings or suspicious variations in the domain name.
• Even if the email address is genuine, please do not assume that the content of the email is safe. There are active attacks which gain control over a mailbox and sent emails with no requirement to pretend to be the sender. The best way to keep yourself safe is to treat all emails the same, even those from people you have regular contact with.
• Scrutinise the email content: Pay attention to the language and tone of the email. Phishing emails often create a sense of urgency or fear to prompt immediate action. Be wary of emails requesting urgent login or account verification. If logging in with your @optos username, you should always see the Optos logo on the password page. Password pages absent of the Optos logo should be considered suspicious and possibly malicious.
• If you're unsure about the legitimacy of a Microsoft 365 login page, navigate to the official Microsoft website independently (e.g., via a bookmark or typing the URL directly, (https://www.office.com/) and access your account from there.
• Watch out for unusual requests: Be cautious of any Microsoft 365 login page asking for additional information beyond your username and password, such as financial details or security questions.
• Report suspicious pages: If you encounter a fake Microsoft 365 login page or suspect phishing activity, report it immediately to IT Assist or any member of the IT department. They can investigate the issue and take necessary measures to protect our organisation.
By following these guidelines and remaining vigilant, we can collectively safeguard our organisation against phishing attacks and other cybersecurity threats. Remember, your proactive actions play a crucial role in maintaining our digital security.
If you have any questions or concerns regarding this communication, or any other security related questions, please don't hesitate to reach out to IT Assist.