Remove “Classified Documents” phishing email

The “Classified Documents” email is part of a phishing campaign that intends to trick users into revealing their email account passwords. The email falsely claims that the recipient has two new classified documents available and that they can be viewed by clicking on the provided link. Clicking on the link will take users to a phishing site that asks users to log in to their email accounts by typing in their passwords. If users do, the login credentials will be sent to the cybercriminals operating this phishing campaign. This is a fairly typical phishing campaign and is easy to recognize.

 

 

The “Classified Documents” email is disguised as a reminder notification from your email provider about supposed two classified documents waiting to be reviewed. If the documents are not retrieved using the provided link, they will be permanently deleted. The email contains a “Retrieve document(s) here” button, which will lead users to a phishing site. The site is made to look like an email login page. The phishing site will ask users to enter their email password to sign in to their accounts.

The full “Classified Documents” phishing email is below:

Subject: Review Documents and forward for approval

A reminder that 2 New classified documents assigned to ‘******** ‘ are available on ******** CLOUD

waiting retrieval or would be deleted automatically.

Retrieve document(s) here

Powered by
******** CLOUD SERVICES

Email login credentials are particularly valuable to cybercriminals, which is why phishing campaigns targeting them are so common. There are several reasons for this. First of all, many users use the same email account for years for all kinds of things, from personal communications to subscriptions and various services. What’s more, email accounts are connected to many other accounts. Gaining access to an email account could allow malicious actors to blackmail the account holder, as well as access other connected accounts. Thus, users need to be very careful with their email login credentials.

Learning to recognize phishing emails is very important in order to avoid becoming a phishing victim. If users have fallen for this phishing attempt, they must change their passwords immediately to prevent unauthorized access. Users who can no longer access their accounts need to try all the recovery options. If access to the account has been completely lost, users need to remove the email address from all connected accounts to prevent unauthorized access.

What are the signs of a phishing email?

Phishing campaigns can be classified into two types, generic and sophisticated ones. The large majority of users will deal with generic ones whose emails look very unprofessional and obvious. They’re generally full of mistakes and, thus easy to recognize as phishing. Sophisticated phishing emails usually target specific, high-profile people and/or companies. Sophisticated phishing attempts tend to look very legitimate and professional, and thus, significantly more difficult to recognize.

The first thing users need to check when they receive an unsolicited email that asks them to do something (e.g. open an attachment or click on a link) is the sender’s email address. Generic phishing emails are usually sent from obviously fake email addresses because they look very unprofessional or do not contain the domain name associated with the sender. Emails from more sophisticated campaigns may be sent from more legitimate-looking emails. Even if an email address looks legitimate, it’s still recommended to at least use a search engine to look into whether the address belongs to the person or organization it claims to represent. Users should be cautious, as some malicious addresses may look suspicious, and scammers sometimes disguise their emails by altering letters or adding extra characters.

Another sign to look out for is grammar and spelling mistakes. Generic phishing emails, including this “Classified Documents” email, have many mistakes so they are very obviously phishing. You will never find mistakes in emails from email providers, particularly in automatic emails, as they look very unprofessional.

Users should take their time reviewing emails before taking any action, especially when an email urges them to click on links or open attachments. It’s advisable to avoid clicking on links in emails altogether. If users receive a message about an issue with their account, it’s safer to log in manually by typing the URL into their browsers rather than clicking on any links provided.