'You have received an encrypted message' Email Scam

The 'You have received an encrypted message' emails are being distributed to unsuspecting users as part of a phishing scheme. The fraudsters want to obtain various sensitive and private information from their victims, mainly Microsoft account credentials.

The emails claim to be containing information about a recent payment. However, the important data is placed inside an encrypted attached file that cannot be opened freely. Interested users who wish to view details about the non-existent payment are tricked into opening an HTML file. In turn, that file leads to a fake Microsoft page that asks users to log into their accounts. The con artists ask for numerous account login credentials such as email, phone, Skype username and password.

With the collected information, the fraudsters can proceed to escalate their attack by infiltrating other accounts belonging to the user that share the same credentials. Furthermore, the attackers can abuse the infiltrated accounts to spread more phishing emails, distribute malware threats, obtain personal information and files, or carry out a whole host of other nefarious actions.