Outlook Quarantine Phishing Scam Cyber attackers deploy new email quarantine alert tactic to lure victims.

Chapman University’s Department of Information Security would like to make you aware of an emerging phishing scam targeting institutions’ Outlook quarantine policy. Cyber attackers are using legitimate email quarantine messages to lure users into unknowingly giving up their username and password.

Here is how the phishing scam works:

1. The attackers impersonates technical support sending fake email quarantine alerts:
   • Users will receive an “urgent” email from the attackers with the following:
     1. From: “Support”
     2. Subject Line: “Action Required”
     3. Email Body: “Two emails have been quarantined and will be deleted in 3 days if no action is taken.”
2. Then, the attackers embed a link that loads the legitimate business page and applies a fake login box on top of it.
3. Users will also see a message saying their session has “timed out” and that they need to log back in.
4. The user then enters their login credentials (username and password) on the fake login field.
5. Attackers now have the user’s login information and can access their account information.

What can we do to prevent being scammed?

1. Chapman no longer quarantines suspicious emails. This means that you will not receive quarantine emails from IS&T. If you do, immediately report it.
2. If you are unsure about the legitimacy of an email, please check the Chapman information security page for status on the latest phishing emails; If you do not see your email posted on the page, then please report the email.
3. Register for Two-Factor Authentication (2FA). 2FA adds an extra layer of protection that requires users to authenticate their login information via the Microsoft Authentication App or a 6-digit code received via text or phone call. In the event your username and password are compromised, this extra step will block unauthorized users from accessing your account.