The Office of Information and Communications Technology (OICT) detected a series of phishing email messages that contain apparent OneDrive notifications and that are designed to steal users’ credentials.
These fraudulent messages are sent from legitimate United Nations email addresses and contain the subject line “File sent via OneDrive”. The messages direct the recipients to click on a link and “confirm with their email to view the document”. Users who click the link will be redirected to a fake login page where they will be asked to enter their Microsoft O365 login credentials.
United Nations accounts that were compromised earlier are now being used to send further targeted phishing email messages asking additional recipients to click on the link and provide their login credentials. OICT is taking steps to block the domains used for the fake login pages, but these domains change frequently.
We therefore request your increased vigilance:
Do not respond to any email messages, open any attachments or click any links that you are unsure of. Please continue to report such fraudulent messages to the Office of Information and Communications Technology (OICT) (email@example.com) and delete them. Recipients may also contact the "sender" by different means—such as a different email address or by phone—to confirm that the message and content are genuine.
Anyone in need of assistance, or who has any questions or comments about this announcement, should contact the Unite Service Desk:
- Unite Self Service at https://unite.un.org/ineedservice
- Telephone at 3-3333
- Consult information security resources available on iSeek (https://unite.un.org/infosec).
- ICT FAQs: How do I recognize phishing emails or malicious messages?
- ICT FAQs: What is Multi-Factor Authentication?