Hackers are always changing and re-inventing their tactics in order to achieve their goals at your expense. The most recent threat is a twist on an old but effective strategy called phishing.
Basically, phishing seeks to trick an unsuspecting user into handing over sensitive information, such as usernames and passwords, that the hacker can then use later for any purpose.
The latest variant attempts to send what appears to be a legitimate email, politely informing the user that they've received a number of confidential emails that are currently being held for them on a server. They're given the choice to either refuse these messages, accept them, or delete them.
However, regardless of what the victim picks, all roads lead to the same destination. Whichever linked option is chosen, the user will be routed to a mock-up of a Microsoft Outlook login screen where the user will be prompted to enter his or her credentials. As you might suspect, there are no actual emails, and the only purpose this box serves is to capture the information for later use.
It is possible for the technically astute to look at the web address and realize that it is not a Microsoft domain. There are other details in the message header, as well, that can help someone realize it is a scam.
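The two tells described above (every choice leading to one destination, and that destination not being a Microsoft domain) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list of domains where a genuine Microsoft sign-in would live;
# adjust it for your own environment. It is not taken from the article.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "live.com")

class LinkCollector(HTMLParser):
    """Collect (link text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(host):
    """True only for an allow-listed domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(html_body):
    """Flag differently labelled choices that all land on one untrusted host."""
    parser = LinkCollector()
    parser.feed(html_body)
    hosts = {urlsplit(href).hostname for _, href in parser.links}
    hosts.discard(None)  # mailto: and relative links carry no hostname
    labels = {text.lower() for text, _ in parser.links}
    return {
        "same_destination": len(labels) > 1 and len(hosts) == 1,
        "untrusted_hosts": sorted(h for h in hosts if not is_trusted(h)),
    }

# Constructed sample body; example.net stands in for the look-alike host.
SAMPLE = """
<a href="https://mail-portal.example.net/login?a=1">Accept</a>
<a href="https://mail-portal.example.net/login?a=2">Refuse</a>
<a href="https://mail-portal.example.net/login?a=3">Delete</a>
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The suffix comparison matches on a dot boundary, so a look-alike host that merely contains a trusted name does not pass.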
Unfortunately, 'careful' does not describe the vast majority of internet users, and this ploy has already taken in its fair share of victims.
If you are a business, consider email filtering. It is a low-cost service provided by managed service IT providers like EDM Automation, in which all emails and their attachments are scanned before they get into the hands of your unsuspecting colleagues and staff members. Additionally, if you see such a phishing email come into your email box, clearly mark it as a threat and send it around your office so people can see how it looks. It only takes one person to slip up and a hacker could gain access to your company's network. That's never a good thing.