UTServicesLISACyber safetyNewsNew phishing campaign

New phishing campaign via legitimate newsletters

Criminals have found a new method to send phishing email.

Many organizations offer the possibility to subscribe to a newsletter on their website. To confirm the registration, those organizations send an e-mail to the specified e-mail address. That e-mail normally contains a link to a confirmation page. This is done to prevent you from subscribing just anybody.

Criminals have now found a way to add their link to that email. Spam filters do not recognize the email as spam. Recipients, too, see nothing strange about it. Maybe they think they don't remember that they signed up. The email starts with a text that they can win something. Because everything indicates that the email comes from a legitimate organization, many people will still click on the added link. Which makes them end up on the phishing site.

So if you receive an email suggesting that you have signed up for a newsletter AND the email claims that you can win something, treat it like any other phsihing mail:
Report the mail to CERT-UT and then delete it.

Computer Emergency Response Center