According to GreatHorn the message is rather easy: It claims to be a Doodle poll for a required upcoming board meeting. To make sure the targeted employees – mostly senior executives – fall for the scam the cybercriminals spoof the mail address and personalize the message of the mail.
Now when employees fall for the mail and click on the link they are not send to a poll as promised but rather to a fake Office 365 page, were they are asked to login in order to proceed. You of course guessed right: It’s a phishing page. So once one enters the requested data, the credentials are being sent to the cybercriminals.
Keep an eye out for mails with the headline “New message: [Company Name] February in-person Board Mtg scheduling (2/24/19 update)” – because that’s the one being used right now. Inform your IT security department immediately if you discover it in your inbox. Also don’t click on any links you find in the mail.
There is some more general advice as well of course. Here are a couple of things you can do to avoid these kind of traps and keep safe: