Akankasha Dewan 08 September 2020 19:11:05 AEST

Alert: Phishing email sent via compromised account exploits Microsoft branding to trick users

Microsoft is once again the subject of a phishing email scam.

MailGuard intercepted a malicious email in the form of a file-sharing notification from an account that appears to be compromised. The email body contains the Microsoft logo, and invites recipients to review the document via a button.

Unsuspecting recipients who click on the link to “review document” are redirected to a page containing Microsoft’s logo and a reCAPTCHA form. This page is hosted on a new Namecheap domain that was registered recently.

After the reCAPTCHA form is filled, it leads users to a fake Microsoft-branded login page that asks for their email address and password.

Once these credentials are entered and submitted, the attacker harvests them for later use, and the page displays an error saying that the credentials are invalid.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

By claiming that a new document has been shared, this email scam aims to intrigue recipients, motivating them to click on the link to view it as soon as possible.

It’s also interesting to note the inclusion of the reCAPTCHA feature before users are led to the phishing page. This is likely to be an evasion tactic, designed to thwart automated link checking by email security filters. Safety features like this are also likely to be present in official notifications from a well-established company like Microsoft – once again helping to boost the email’s credibility.
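A reCAPTCHA gate hides the landing page from a crawler, but the two traits described above (Microsoft branding in the message, and a link to a recently registered non-Microsoft domain) can be checked without fetching the page. The sketch below is an added example, not MailGuard's code; the allowlist, the 30-day threshold, the sample message, the placeholder domains and the registration-date table (standing in for a WHOIS/RDAP lookup) are all assumptions.

```python
from datetime import date
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example, not values from the alert.
BRAND_HOSTS = {"microsoft.com", "office.com", "sharepoint.com", "live.com"}
MAX_AGE_DAYS = 30
# Constructed registration dates standing in for a WHOIS/RDAP lookup.
REGISTERED = {"docs-review.example": date(2020, 9, 5)}

# Constructed sample message (placeholder domains).
SAMPLE = """From: Colleague <colleague@partner.example>
Subject: A document has been shared with you
Content-Type: text/html

<html><body><img alt="Microsoft" src="cid:logo">
<p>A new document has been shared with you.</p>
<a href="https://login.docs-review.example/r?id=1">Review Document</a>
<a href="https://www.microsoft.com/privacy">Privacy</a></body></html>
"""

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlparse(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def registrable(host):
    # Naive last-two-labels split; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def suspicious_links(raw, today):
    """Return (host, domain_age_days) for young, off-brand links in a Microsoft-branded mail."""
    body = message_from_string(raw).get_payload()
    if "microsoft" not in body.lower():
        return []
    parser = LinkHosts()
    parser.feed(body)
    hits = []
    for host in parser.hosts:
        dom = registrable(host)
        reg = REGISTERED.get(dom)
        if dom not in BRAND_HOSTS and reg and (today - reg).days <= MAX_AGE_DAYS:
            hits.append((host, (today - reg).days))
    return hits
```

Domains missing from the lookup table are skipped here; a real filter would have to decide how to treat a failed or absent registration lookup.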

In addition, using a file-sharing notification is another tactic employed by cybercriminals to avoid detection. In the midst of the current COVID-19 pandemic, it’s common for employees working remotely to share confidential business documents with one another via email, so notifications like this one aren’t likely to raise too much suspicion.

Cybercriminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Microsoft is a regular victim of these scams.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage now.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
