Detects messages with a link to a Microsoft hosted logo where the sender's display name
and the display text of a link in the body are in all caps, and a request is being made from a first-time sender.
Impersonation of Chase Bank and related services to harvest credentials or related information
such as dates of birth, phone numbers, social security numbers, ATM pin numbers, drivers license
numbers, selfies, and ID card photos.
Originally reported by CERT-UA on 07 March, 2022, phishing emails impersonate
ukr[.]net to steal user credentials. "Compromised mailboxes are used by the
Russian Federation's special services to conduct cyber attacks on citizens of Ukraine."