18 Sep 2017
Office 365 phishing and credential harvesting campaign
CERT NZ has received reports of a phishing campaign that steals your login details (called credential harvesting) affecting many New Zealand businesses and organisations.
We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.
CERT NZ has received reports of a phishing campaign that steals your login details (called credential harvesting) affecting many New Zealand businesses and organisations.
In the reports that CERT NZ has received, a person receives an email claiming that someone would like to share a large file or photos, and provides a link for the recipient to click to log in and download the file.
Clicking on the link takes the recipient to a convincing looking website that looks like an Office365 login. The page asks the person to enter their user name and password. If they enter their details, the scammer sends the same phishing email to all of the contacts in their email address book. This campaign has reached a wide range of New Zealand organisations, across multiple industries.
This campaign is spread by email. Be cautious of emails claiming that someone would like to share a large file or photos with you. This campaign is sophisticated and looks like it is from someone who would know you.
If you or your organisation has been affected by this scam, CERT NZ recommends:
If you’ve been affected by this scam, or require further support, submit a report on our website or contact us on 0800 CERT NZ.