Background
On December 9, 2019, Trend Micro became aware of a potential phishing scam, in where potential targets received an email with the subject of Mailbox [to_address] have a pending notification, that refers to an "error in [the user's] mailbox storage system" and directing them to click a link to see a pending notification or risk having the mailbox disabled.
Upon clicking the link, the user will be directed to a fake site that is designed to look like an official Trend Micro site. However, the key difference is that the domain is not an official Trend Micro domain name:
Additional Information
Trend Micro has added the fake URL to our Web Reputation Service (WRS) database and customers utilizing products with this feature enabled will see this URL blocked as malicious.
Trend Micro has also reported this URL to the domain's registrar and other notable site safety scanners to proactively remove and block as well.
Mitigation and Recommendations
- Any customer that may have received the email above, clicked the link and entered in their credentials are advised to change their passwords immediately.
- Customers should enable two-factor authentication (2FA) on CLP and any other site that supports it. More information on enabling 2FA on CLP can be found at Using Two-Factor Authentication in Licensing Management Platform (LMP) and Customer Licensing Portal (CLP).
- Trend Micro customers with products that support Web Reputation Services (WRS) are advised to ensure that it is properly enabled and working to proactively protect users that may accidentally click the link.
- Users are also reminded to always be mindful of any links that arrive in emails. Always verify that the links are going to trusted sites and domains before entering any sensitive information.
Further Assistance
Any customer needing further assistance should reach out to their authorized Trend Micro support representative.