Phishing attack targeting HEIs

by Spark Alistair - Friday, 4 August 2017, 11:09 AM

A new phishing campaign has hit students of UK universities.


Some Higher Education Institutions have observed a targeted OneDrive phishing attack. The email came from a spoofed internal account and had a similar look and feel to a typical OneDrive for Business sharing email.


The link in the phishing email sends the user to a fake Office 365 portal sign-in page (eventsbyfd*com) and asks for logon credentials. Once these are entered, it goes on to ask for more personal data, e.g. mother’s maiden name. So the intention of the attack appears to be to harvest user credentials only and not to infect the device with ransomware malware.


Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic website where you can log in and reveal your username, password and other personal identifying information. Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.
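The two traits described in this post, a spoofed internal sender and a OneDrive-themed link that leads to a non-Microsoft sign-in host, can be checked at the mail gateway. The sketch below is an added example, not part of the original post: the internal domain, the allow-list of trusted hosts, the sample message and the function names are all constructed assumptions, and it assumes the gateway stamps its own `Authentication-Results` header and strips any copy supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list of hosts a genuine OneDrive for Business share points at;
# each site sets its own (tenant SharePoint host, sign-in host).
TRUSTED_SUFFIXES = ("sharepoint.com", "microsoftonline.com", "office.com")
INTERNAL_DOMAIN = "university.example"  # constructed internal mail domain

# Constructed sample message modelled on the campaign described above.
SAMPLE_PHISH = """\
From: IT Services <it.services@university.example>
To: student@university.example
Subject: A file has been shared with you
Authentication-Results: mx.university.example; spf=fail; dmarc=fail
Content-Type: text/html; charset=utf-8

<p>View the document in OneDrive for Business:</p>
<a href="https://login.files.example.net/signin">Open</a>
"""

def host_trusted(host, suffixes=TRUSTED_SUFFIXES):
    # Exact host or a true subdomain only, so "sharepoint.com.x.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Mail that claims an internal From address but did not pass DMARC
    # at the gateway is treated as spoofed.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if sender_domain == INTERNAL_DOMAIN and "dmarc=pass" not in auth:
        findings.append("internal sender failed authentication")
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text"
    )
    if "onedrive" in body.lower():
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlsplit(url).hostname
            if not host_trusted(host):
                findings.append(f"OneDrive-themed link to untrusted host: {host}")
    return findings
```

Any non-empty result from `assess()` is a reason to quarantine the message or add a warning banner before it reaches the student's inbox.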


