Russian FSB Spear-phishing campaign

As we enter the Holiday season, it's crucial to stay vigilant, as this period often sees a surge in phishing and spear-phishing attempts. With increased online shopping and a higher volume of emails, there's a heightened risk of falling victim to cyber threats.
Currently, there is an active phishing campaign targeting organizations in the UK, spanning various sectors, including academia, defense, governmental organizations, NGOs, think tanks, and politicians. It's important to note that these phishing emails may be directed to both personal and corporate email addresses.
Spear-phishing emails are designed to appear as if they're from someone you know or trust. We urge you to exercise caution and think twice before clicking on any links or opening attachments in emails. A helpful tip is to hover over a link without clicking to reveal the actual website it leads to.
Best Regards,
Your Security Team
 
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:

• Impersonating known contacts' email accounts,
• Creating fake social media profiles,
• Using webmail addresses from providers such as Outlook, Gmail and others, and
• Creating malicious domains that resemble legitimate organizations.