New phishing campaign urges users to login to fake site to read an encrypted message

• The phishing emails have subject lines similar to ‘Encrypted Message Received’ and includes a link stating ‘View Encrypted Email’.
• Once users log in with their email credentials, the entered login credentials are saved, which will later be retrieved by the attackers.

A new phishing campaign that asks users to log in to a fake OneDrive site in order to read an encrypted message is making rounds.

How does it work?

This phishing campaign pretends to be an alert from your email server stating that you have received an encrypted message.

• The phishing emails have subject lines similar to ‘Encrypted Message Received’ and includes a link stating ‘View Encrypted Email’.
• Upon clicking on the link, it redirects to a fake OneDrive for Business page.
• The phishing page prompts users to click on the ‘Open’ button to view the message.
• Once users click the button, it redirects to a OneDrive login page that prompts users to login.
• Once users log in with their email credentials, the entered login credentials are saved, which will later be retrieved by the attackers.

Contents of the phishing email

“Encrypted Message Received :

You have received and encrypted email from : domain.com

View Encrypted Email,” the phishing email read, BleepingComputer reported.

How to stay safe?

• It is always recommended to examine the URL before entering login credentials.
• It is best to never open any email or attachment that are from anonymous senders.

The bottom line

If you receive any such email prompting to log in to read an encrypted message, then remember not to enter your login credentials, as it is likely a phishing scam.