2019-03-06: Attackers making links appear like attachments

We’ve started to see an uptick in a certain kind of fraudulent email.  These emails contain an image made to look like an attachment.  To an untrained eye, they look just like attachments in Office 365.

 

You should of course use the same caution that we generally advise (don’t open attachments or click links if you don’t know the sender or don’t expect to receive an email from them).  I’d like to point out the things specific to this technique though – using the examples below.

 

Here’s an example of a fraudulent message.  I’ve hidden the sender’s name and contact info since the message originated from a (presumably compromised) account at another school.  In the screenshot below – if you hover over the attachment, you can see the destination link (which is not microsoft.com, as would show up for a real attachment if you were using the web version of Outlook).  The parts where it says “Show all 1 attachments” and “Download” are all part of that same image.

Screenshot of fraudulent email with a link disguised as an image/attachment

 

Here, on the other hand, is a legitimate email with a real attachment.  You can see that each of those links (underlined in red in the screenshot below) is an actual distinct link.  When you hover over each one, the link changes color (as “Download” does in the screenshot below).
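For mail administrators, the difference described above can also be checked in the raw message. The following is an added example, not part of the original article: a triage heuristic that reports links wrapping an image when the message carries no real attachment part. The function name, the `trusted_hosts` allow-list and the sample message are assumptions made for illustration, and ordinary linked logos will also match unless their hosts are allow-listed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageFinder(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.open_hrefs = []  # hrefs of the <a> tags currently open
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open_hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img" and self.open_hrefs and self.open_hrefs[-1]:
            self.hits.append(self.open_hrefs[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def fake_attachment_links(raw, trusted_hosts=()):
    """Return hrefs of image-wrapping links in a message with no real attachment."""
    msg = message_from_string(raw, policy=policy.default)
    # A part with Content-Disposition: attachment is a genuine attachment,
    # so an attachment tile shown by the mail client may be real.
    if any(part.is_attachment() for part in msg.walk()):
        return []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = LinkedImageFinder()
    finder.feed(body.get_content())
    # trusted_hosts is a hypothetical allow-list for known-good linked images.
    return [h for h in finder.hits
            if (urlparse(h).hostname or "") not in trusted_hosts]

# Constructed sample message (not taken from the article).
SAMPLE = (
    "From: sender@example.edu\n"
    "Subject: Shared document\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Please review the attached file.</p>"
    '<a href="https://files.example.net/view">'
    '<img src="https://files.example.net/tile.png" alt="Report.pdf"></a>'
)

if __name__ == "__main__":
    print(fake_attachment_links(SAMPLE))
```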

 

Details

Article ID: 73075
Created: Wed 3/6/19 9:56 AM
Modified: Mon 4/12/21 2:13 PM