Teaching individuals how to phish allows them to engage in fraudulent activities for life. Email phishing scammers continue to use outdated methods, such as attaching phishing emails to clean messages or using link redirects on LinkedIn. They also abuse encoding methods to disguise malicious files as harmless documents. In this instance, a phishing email disguised as a Microsoft 365 mailbox delivery report contained an attachment with a ".pdf" file extension. However, the attachment used a right-to-left override (RLO) character to trick recipients. The filename appeared as "lme.pdf" but was actually a .eml file disguised as a PDF. This phishing scam also utilized an open redirect on LinkedIn to send victims to a fake Microsoft Office 365 login page where their email credentials were targeted. Microsoft was the most impersonated brand for phishing scams in Q2 2023. To protect against phishing scams, avoid clicking on unverified links and only visit websites manually. #PhishingScams #EmailSecurity #MicrosoftImpersonation

https://krebsonsecurity.com/2023/08/teach-a-man-to-phish-and-hes-set-for-life/