Phishing Site (Real Example)

This is a real example of a Phishing attempt towards an employee at BOSS Facilities.

Note: The URL has NOTHING to do with Microsoft.

The first red flag is that the user ended up at this link via a suspicious PDF file.

Since attackers can't directly send you links, they are likely to embed them into PDF files or other means.

The point is to have the user enter their credentials. The page will likely display an error message saying the password is wrong until the user gives up. The reason why it gives this error message is because a user is likely to type their password wrong the first or second time but they will be absolutely certain that they typed in the password correctly after the first or second time. Because we have DUO for our users, the attackers would not have gotten far but when a user falls for an attempt such as this, we change their password regardless.