There has been a recent uptick in phishing emails from well-known online services, like Office 365 and Zoom. The emails received direct victims to click on a fake link and provide their usernames and passwords.
Victims that receive these emails and click on the link are sent to a CAPTCHA verification page, which is used to make the scam seem legitimate. Once “verified,” a fake error page appears asking the victim to log in to their account, giving the cybercriminal instant access to their username, password and ultimately their online accounts. Where many people use the same login credentials for multiple websites, obtaining a valid username and password combination can give a cybercriminal the key to gather enough information about the victim through social media, financial, health, email, shopping and other online accounts to commit significant amounts of fraud and steal the victim’s identity.
Emails containing hyperlinks or attachments that require additional action should be carefully vetted before proceeding. If you are unsure if an email you received is legitimate, do not click on any links, attachments, or provide any information. It’s also important to choose strong and unique passwords for all of your online accounts and to employ two-factor authentication when available. Learn more about phishing online at the Federal Trade Commission website.