Law enforcement is currently aware of a credential harvesting email phishing campaign in circulation.
Cyber criminals are gaining entry to business email accounts and are sending a phishing email to the compromised account’s contact list. The email contains an attachment or a link and asks the recipient to log in using their credentials to view/download the file.
At first, these emails were known to have come from compromised law firms; however we are now aware of other organisations which have also been affected.
The difficulty of spotting these emails is increased due to them coming from a legitimate source or known sender.
If you receive an email from a legitimate source or known sender asking you to log in to be able to view or download an attached file please follow the steps below:
1. Do not open the email, click on the link or reply to the email.
2. Contact the sender by phone or in person to verify if the email is genuine.
3. If you are unable to make contact with the sender or their company or the sender confirms their email account has been compromised please ring 101 immediately and report the incident to your local police force.
4. Follow your own organisation’s policies and procedures and notify your IT department/person responsible for your IT security.
5. If you do not have an IT department reset your password immediately.
6. Where possible, enable two/multi-factor authentication (2FA/MFA); this will work to reduce and mitigate the impact of compromised credentials.
Please note, the above advice is only for incidents where you have received an email from a legitimate source or known sender asking you to log in to be able to view or download an attached file.
This information has been provided by the Northumbria Police Force Specialist Cyber Investigation Team