Here are a couple of examples of recent attack/phishing emails.

One tries to get your login credentials and the other to download an attackers malicious software payload.

Please work with your people to keep their awareness sharp on these examples and of course should not open an attachment from even a reliable source unless verified someway with the sender.

Maybe even develop a verification type email (What order/file/case # are you contacting us for, etcetera.) or physical contact in the form of a phone call with the email sender/recipient.

As always please contact us with your questions on this material or any technical questions you may have.

These emails were sent to a company; personal material redacted.

Example 1:

Example 1 - Email address and weblinks exposed:

Bogus:

mailto:email@mail.onedrive.com

Bogus:

https://click.mail.onedrive.com/?qs=c3b077fc37f5dcf83b2a43f3417e79481c0426bacf1483b732da22dd4d0684666c97cfc707aa0af01127e29aff91e26b08e123bb708f3cb8

https://click.mail.onedrive.com/?qs=c3b077fc37f5dcf8edcdf350f1a42d69a7f4947ce4c2e05ed100772a6c4c1ece6dcdae53c89d22259e01aeb49c481971310c7c7725aa9f51

https://click.mail.onedrive.com/?qs=c3b077fc37f5dcf871101bdcf2f011a409888a8cd2b9914dbb1db98f647843c93ba29b3ecc21423e96f5f023db62cdd86103de603e9062da

Actual:

https://onedrive.live.com/about/en-us/signin/

Example 2:

Where the hidden weblinks point to:

Bogus website to either collect your login credentials or get you to download the attacker's malicious software or payload.