A recent scam involved an email from a credible sender, referring to an attached PDF.
If the attachment was opened - it showed a relatively credible 'Dropbox' message...
However - the link went to a fake site attempting to get you to enter a username and password to 'view the files'.
Sometimes these ask you to sign in with your email credentials or other accounts.
I've got this email - what should I do?
DO NOT open the attachment in the first place - beware of any attachment that is not something you are specifically expecting. PDFs can contain malicious scripts, and sometimes opening them can be enough to trigger a malware attack.
Yikes! I opened the attachment - what now?
If you DO open an attachment with info similar to the below - DO NOT follow the link - this is not how Dropbox messages are sent.
Oops - I followed the link - help!
If you follow a link like this - the big question is... did you enter any details on the site?
Be honest - if you did, you MUST take action. IMMEDIATELY change the password for the account that you entered details for. Seek immediate help from your IT team or contact us on 0800 828 123.
If this affects a bank website - contact your bank immediately.
LEARN! - Advice for next time
Beware of any attachment that is not something you are specifically expecting.
DO NOT follow links in any attachment unless you are very sure they are genuine.
Any and every time you follow a link to a website asking for credentials - even if it is totally expected and credible - CHECK the URL in the browser bar for the following features...
- Check that the site is secure, with the lock symbol, and with the prefix https (i.e. NOT just http). The lock only means the connection is encrypted; scam sites can have it too, as the https examples below show.
- The URL should match where you are expecting to be (i.e. if you are logging into Trademe - the URL should be trademe.co.nz).
- Scammers are tricky... they may use URLs that look like the right one, but are subtly different... below are a few examples of BAD URLs:
  - https://123.us/?www.trademe.co.nz=login - this INCLUDES a legitimate trademe URL, but the first portion (123.us) shows it is actually a scam website on another domain.
  - https://trademe.security123.io - this includes the word 'trademe' at the front, but the last part of the domain name (security123.io) is a completely different site - this is a scam.
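The two URL checks above, written out as a short Python function. This is an added example, not part of the original article; the function name check_login_url and the sample list are constructed for illustration, and the expected domain is something you supply yourself.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return a list of problems found; an empty list means both checks pass."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["not a valid URL"]

    problems = []

    # Check 1: the connection must be https, not plain http.
    if parts.scheme.lower() != "https":
        problems.append("not https")

    # Check 2: the host the browser will contact must be the expected domain
    # or a subdomain of it. Only the hostname counts; the path and query
    # string (everything after the first single "/") can say anything.
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host or 'missing'}, not {expected}")

    return problems


# Constructed sample input: a genuine-looking address, a plain-http variant,
# and the two bad URLs from the list above, all checked against trademe.co.nz.
SAMPLES = [
    "https://www.trademe.co.nz/login",
    "http://www.trademe.co.nz/login",
    "https://123.us/?www.trademe.co.nz=login",
    "https://trademe.security123.io",
]

if __name__ == "__main__":
    for url in SAMPLES:
        found = check_login_url(url, "trademe.co.nz")
        print("OK " if not found else "BAD", url, "; ".join(found))
```

Passing both checks only means the address matches the one you expected; it says nothing about whether the expected domain itself was typed or remembered correctly.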
This article is intended to raise awareness of phishing scams, but cannot expect to explain all risks and possible tricks - you are 100% responsible for your online security. Be careful - it's a jungle out there!