There is an influx of emails prodding users to change their passwords, or else something will happen to their accounts. This type of scam imitates the genuine alerts that online services send when they detect “unusual” activity on an account.
For example, services send notifications about attempts to reset the phone number and email address linked to the account, or the password. As soon as such messages became commonplace, enterprising cybercriminals tried to imitate this mechanism to attack corporate users.
Scams like this are easy to detect as long as users know the red flags, one of which is a message riddled with grammatical errors or written in broken language.
“It seems to be at once about linking a new phone number and about sending a password reset code. Nor does the ‘support’ e-mail address lend credibility to the message: there is no plausible reason why a support mailbox should be located on a foreign domain (let alone a Chinese one),” Kaspersky said.
The attackers are hoping that their victim, fearing for the security of their account, will click the red DON’T SEND CODE button. Once done, they’re redirected to a website mimicking the account login page, which, as you’d imagine, just steals their password. The hijacked mail account can then be used for BEC-type attacks or as a source of information for further attacks using social engineering.
To minimize the chances of cybercriminals getting their hands on employees’ credentials, communicate the following to them:
- Never click on links in automatic security notifications, whether real looking or not.
- On receiving a notification, check the security settings and linked details by opening the website in the browser manually.
- A clumsily worded notification (as in the example) is best ignored and deleted.
- If the notification looks real, notify the information security (IS) service or security officer; it may be a sign of a targeted attack.
How to protect company employees from phishing
In general, it’s best to keep phishing emails out of employee inboxes altogether. Ideally, they (plus all other unwanted correspondence, including spam, messages with malicious attachments and BEC-related emails) should be intercepted at the mail gateway level. To combat these very threats, we have recently updated our email protection solution for gateways. Learn more on the Kaspersky Secure Mail Gateway page.
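As an added example (not Kaspersky's code or any Kaspersky product logic), the check below shows how a mail gateway could triage a message that claims to be a security notification against the red flags this article names: a “support” sender on a domain foreign to the impersonated service, action links that lead elsewhere, and a panicky call to action like the red DON'T SEND CODE button. The KNOWN_BRANDS mapping and the sample message are constructed for the example.

```python
"""Gateway-side triage of e-mails that claim to be security notifications.
Added example, not Kaspersky's code. Flags a "support" sender on a domain
foreign to the impersonated service, action links leading elsewhere, and a
panicky call to action like the red DON'T SEND CODE button. Constructed data."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed mapping: service name -> domains that legitimately send its mail.
KNOWN_BRANDS = {"example mail": {"example.com", "mail.example.com"}}

class _LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []          # every href found in the HTML body
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _registrable(host):
    # Crude approximation: keep the last two labels (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage_notification(raw_email, brand):  # returns the list of red flags found
    msg = message_from_string(raw_email)
    legit = {_registrable(d) for d in KNOWN_BRANDS[brand]}
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = _registrable(sender.rpartition("@")[2])
    if sender_domain not in legit:
        flags.append(f"sender domain {sender_domain!r} does not belong to {brand}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    links = _LinkExtractor()
    links.feed(body)
    for href in links.hrefs:
        host = urlparse(href).hostname or ""
        if _registrable(host) not in legit:
            flags.append(f"action link points to foreign domain {host!r}")
    if re.search(r"don.?t send code|verify now|within \d+ hours?", body, re.I):
        flags.append("urgency call to action in body")
    return flags

# Constructed phishing sample in the style the article describes.
PHISH = """From: Support <support@mail-support.example.cn>
Content-Type: text/html; charset=utf-8

<p>A new phone number has been linked to your account.</p>
<a href="https://login.example-secure.net/reset">DON'T SEND CODE</a>
"""
```

Running triage_notification(PHISH, "example mail") yields three flags, while a genuine notification from mail.example.com linking only to its own domain yields none; the domain heuristic is deliberately simple and a real gateway would use a public-suffix list.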