This week, we uncovered an email attack that claims the recipient's password is about to expire. We saw this across multiple organizations.

It works like this:

The subject of the email reads: ՍPDАTЕ- Ехрirаtiоn Nоtifiаtiоn

(It's worth noting the double spelling errors.)
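The subject line above also mixes Latin letters with look-alike letters from other scripts, which lets it slip past keyword filters looking for "update" or "expiration". The following detection sketch is an added example, not code from the original post; the surrounding message, the addresses, and the function names are constructed for illustration, and script detection is approximated from Unicode character names.

```python
import unicodedata
from email import message_from_string
from email.header import Header, decode_header, make_header

# Subject line copied from the post; the message around it is constructed.
SUBJECT = "ՍPDАTЕ- Ехрirаtiоn Nоtifiаtiоn"
RAW_MESSAGE = (
    "From: it-support@example.invalid\n"
    "To: user@example.invalid\n"
    f"Subject: {Header(SUBJECT, 'utf-8').encode()}\n"
    "\n"
    "constructed body\n"
)


def script_of(ch):
    """Approximate a letter's script from the first word of its Unicode name."""
    if not ch.isalpha():
        return None  # digits, punctuation and spaces carry no script
    try:
        return unicodedata.name(ch).split()[0]  # e.g. LATIN, CYRILLIC, ARMENIAN
    except ValueError:
        return "UNKNOWN"


def mixed_script_words(subject):
    """Return [(word, sorted scripts)] for each word that mixes scripts."""
    hits = []
    for word in subject.split():
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits


def check_message(raw):
    """Decode the RFC 2047 Subject header, then flag mixed-script words."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg["Subject"])))
    return mixed_script_words(subject)


if __name__ == "__main__":
    for word, scripts in check_message(RAW_MESSAGE):
        print(f"{word!r}: {'+'.join(scripts)}")
```

Checking per word rather than per subject keeps legitimate mail written entirely in one non-Latin script from being flagged.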

The body links to a page that claims to let you change your expiring password but in reality just harvests your credentials.

Here's what it looks like:


image (31)

You'll then be directed to this page:

image (32)



