You receive the following email:
You have received a secure message
Read your secure message by opening the attachment, securedoc_2011228T1023948.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser. For access from a mobile device, forward this message to firstname.lastname@example.org to receive a mobile login URL.
If you have concerns about the validity of this message, contact the sender directly.
First time users – need to register after opening the attachment. For more information, click the following Help link.
Help – https://res.cisco.com/websafe/help?topic=ReqEnvelope
About Cisco Registered Envelope Service – https://res.cisco.com/websafe.about
Attack or legitimate email?
There is certain behavior that we teach users to look for that are certain signs of something fishy. For instance, an attached file with instructions on how to open it in a more vulnerable application like a web browser. Which then brings you to some strange site to log in. The problem is the business desire to encrypt email contents. There really isn’t a realistic solution to that problem that I’ll personally ever be happy with. So this is a bit of a half-hearted bitching session by me.
Oh, and of course this is a legitimate email in support of delivering encrypted email. Which is to say it’s not encrypting email at all, just forcing the recipient to go to a third party web site and download it over an HTTPS connection.