We see lots of phishing attacks pretending to be notices to update email accounts or change credentials for Outlook Web App. Lots of users get confused, fill in these sorts of generic forms and reply without really thinking. Many small companies and even ISPs outsource IT support and email to third parties, so an end user is never really sure who the email provider actually is.
This one is slightly more believable than many others and it is quite easy to fall for it.
The email looks like:
From: Keller, Jeff <Jeff.Keller@CHAMP-TECH.com>
Date: Fri 22/07/2016 10:27
Subject: RE: ICT HelpDesk Upgrade
From: Keller, Jeff
Sent: Friday, July 22, 2016 4:06 AM
Subject: ICT HelpDesk Upgrade
ICT Technical Support
We are migrating all email accounts into Outlook Web App 2016 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.
Click ICT Technical Support to migrate and block further Spam mails.
Regards,
ICT Team,
Outlook Services for Staff and Internet services.
CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain proprietary and privileged information for the use of the designated recipients named above. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
The link in the email goes to http://xprs.imcreator.com/free/icthelpdesk/password which looks like this
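As an added example (not part of the original post), this is one way a mail filter or analyst could check the links in this message against its sender. The message below is constructed from the headers, link text and link target quoted above; the HTML wrapping, the quoted display name, the keyword list and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: sender, subject, link text and link target come from the
# post; the HTML wrapping is an assumption about how the link was embedded.
SAMPLE = """\
From: "Keller, Jeff" <Jeff.Keller@CHAMP-TECH.com>
Subject: RE: ICT HelpDesk Upgrade
Content-Type: text/html; charset="utf-8"

<p>Click <a href="http://xprs.imcreator.com/free/icthelpdesk/password">ICT
Technical Support</a> to migrate and block further Spam mails.</p>
"""
CREDENTIAL_WORDS = ("password", "login", "signin", "verify")  # illustrative list

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def base_domain(host):
    # Naive last-two-labels comparison; production code should use the
    # Public Suffix List so that e.g. example.co.uk is handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def link_findings(raw_message):
    """Return (url, reasons) for each link that deserves a second look."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = base_domain(sender.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for url in collector.hrefs:
        parts, reasons = urlsplit(url), []
        if base_domain(parts.hostname or "") != sender_domain:
            reasons.append("link host differs from sender domain")
        if parts.scheme != "https":
            reasons.append("not HTTPS")
        if any(w in parts.path.lower() for w in CREDENTIAL_WORDS):
            reasons.append("credential-themed path")
        if reasons:
            findings.append((url, reasons))
    return findings
```

A link that points at the sender's own domain over HTTPS with a neutral path produces no findings, so the check stays quiet on ordinary internal mail.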