This is a phishing attempt first reported to CSULB ITS on June 11, 2018.

From:  Security Notification <d1@metroplis.sg>
Sent:  Saturday, June 9, 2018 4:03 AM 
Subject:  Password Reset

 

Summary

The fraudulent email claims that the User's email account will be removed within 24 hours because of a request to shut down the email account. The email instructs the user to click on the provided link(s) to restore their email account if the request was an error. The link(s) provided takes the user to a web page that mimics the log-in page for Office365. In the fraudulent email, the link provided next to the address downloads a file with an image of the Window's logo into the User's computer.

Intent of the Email

The phisher/sender is attempting to capture email account credentials for their own malicious purposes. 

Screenshots

Figure 1: Screenshot of the phishing email

Figure 2: Screenshot of the fraudulent phishing page

Figure 3: Screenshot of the downloaded file

View all Phishing Reports:

All Phishing Reports