|Text of the phishing PDF|
The link takes victims to a page on a shared hosting site at jimdo.com where the attackers have set up a fake web site. Users who click on the link will be shown this site.
|"OWA" login form|
Now, if your users actually try to type something in, they should note that in no way is the password obfuscated (or blanked out). This is really lazy on the part of the attackers, but not everyone can be a winner. Also, employees should note that this is not an HTTPS site and become suspicious there.
|Should the password be visible here?|
|Wasn't this supposed to be a login form? Where's my email?|