Microsoft Outlook users should take care when receiving an email asking them to ‘validate your account’ – this is a phishing attempt by cybercriminals to gain access to sensitive credentials, including your email login and password. With over 400 million Outlook customers using email as part of their daily tasks, it is highly likely that unsuspecting victims will fall prey to this phishing attempt, if not vigilant.
The email purports to be from the ‘Accounts’ department, with the display email address IT_Oprations@tech-centre.com, however, it has actually been sent from a compromised SendGrid account. Eagle-eyed users will notice the spelling error in the email address, ‘oprations’ rather than the correct, ‘operations’ as a first red flag of its illegitimacy. The body of the email uses simple messaging to advise the recipient that their ‘Password has Expired’ and to prevent deactivation of their Outlook account, they are instructed to click on the link provided to validate a password.
Here’s what the email looks like:
The email is hosted on a server and domain controlled by Selected, a web hosting company based in Russia. After the red ‘Click Here’ link shown above is clicked, it leads the victim to an Outlook login page, which asks for the users' email address and password.
Once the credentials are entered and submitted, the attacker harvests them for later use, and the user is met with an error saying “The password you entered isn’t correct. Try entering your correct password again”.
The login pages, as seen above, mimic Outlook Web App branding to try and feign authenticity. With Outlook being a trusted name used by millions of people worldwide, for their daily tasks, cybercriminals frequently capitalise on it by copying the familiar branding and language used by Microsoft. In this case, an alert requiring a change of password and possible deactivation of an account creates a sense of urgency in victims, whereby they need to access their email accounts in order to complete daily tasks.
Providing your account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more, which could lead to criminal activity such as BEC, identity theft , and other fraudulent activity.
MailGuard urges users not to click links or open attachments within emails that:
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.