Cybercriminals are stepping up their game with a sophisticated phishing campaign that leverages Microsoft’s encrypted message feature to evade detection.

The attack begins with an encrypted email from a compromised Microsoft 365 account, often appearing to come from someone the recipient knows.
When the recipient opens the message, they’re prompted to enter a one-time passcode.
The email then displays what looks like a secure SharePoint document, prompting them to click “Continue.”
Behind the scenes, JavaScript fingerprinting collects system and browser info — and the site may prompt users to enter their login credentials, which are then harvested.
Protect Yourself
- Be cautious of encrypted emails from unexpected sources — even if they appear to come from someone you know.
- Verify directly with the sender through a separate channel.
- When in doubt, don’t click; report it.
Don’t let encryption give you a false sense of security. Cybercriminals are using every tool they can to bypass defenses. Stay alert.
How to Report
Phishing at USC
- In Outlook, use the Report Phish / Phish Alarm button
- Forward email to phishing@usc.edu
- ITS 24/7 Support: 213-740-5555
- Forward texts to 7726 (SPAM)
Suspicious Activity
If you notice anything suspicious, or think you may have clicked something or installed a suspicious app, contact us:
- security@usc.edu
- ITS 24/7 Support: 213-740-5555