'Bonus' Phishing Scam Poses as 'HR Team' to Steal Credentials

Written by MailGuard | 07 August 2025 05:33:44 Z

Could you resist clicking an email from HR with the subject, 'August 2025 salary bonus has been approved'? MailGuard has intercepted a new phishing email campaign attempting to trick recipients into entering their passwords on a spoofed login page styled to appear like their own company’s website. 

Disguised as a message from an internal HR Team, the scam email includes a single link to a deceptive site that captures the user’s credentials. MailGuard’s AI-powered threat detection blocked the scam before it could cause harm to our clients, but we’re sharing details to help others avoid falling victim.

How the Scam Works

This phishing email is a simple HTML message that originates from `admin(at)marvelautos(dot)com`, using the display name HR Team. It contains a single link via the blue 'View Bonus Details' button that directs recipients to a fake login page.

Once users arrive at the site, the first screen prompts them to enter their email password, under the guise of an internal HR system or policy update. After submission, the phishing site redirects them back to their real domain to complete the illusion of legitimacy.

The attackers use a third-party screenshot service to capture the recipient's company website and display it in the background, increasing perceived authenticity.


This creates the impression of a seamless, trusted environment, which increases the likelihood that victims will enter sensitive login credentials without hesitation, especially in their haste to learn the details of their supposed 'bonus'.

Attack Vector and Objectives

This campaign is classified as a credential harvesting phishing attack. It is deliberately low-profile, relying on:

  • A minimalistic email to bypass spam filters,
  • Social engineering through the use of internal-sounding labels like "HR Team", plus the allure of an unexpected 'salary bonus', and
  • Customised branding using a screenshot of the recipient’s real business domain.

These characteristics are commonly associated with targeted Business Email Compromise (BEC) and account takeover attacks.

What to Watch For

MailGuard’s filters flagged this email based on behavioural and signature-based analysis. However, end users should be aware of red flags:

  • Generic greetings or lack of personalisation
  • Emails from domains that don’t match your internal systems
  • Unexpected password requests, especially from HR or IT teams
  • Sites that mirror your company’s domain, but prompt for credentials

Even experienced users can be caught off guard by how realistic these phishing sites appear.
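A header-and-body check that scores a message against the red flags above, added here as an illustration and not MailGuard's own detection logic. The organisation domain, the lists of internal-sounding labels and lure words, and the placeholder link target in the sample are assumptions; the sender address is the one quoted in the post.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Department labels borrowed to sound internal, and subject-line lures (assumed lists).
INTERNAL_LABELS = ("hr team", "it team", "payroll", "helpdesk")
LURE_WORDS = ("bonus", "salary", "password", "policy update")

class _LinkCollector(HTMLParser):
    """Collects href targets of <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def _in_org(host: str, org: str) -> bool:
    # True only for the organisation's domain or a real subdomain of it
    return host == org or host.endswith("." + org)

def score_message(raw: str, org_domain: str) -> dict:
    """Check a raw RFC 5322 message for the red flags of this campaign."""
    msg = message_from_string(raw)
    org = org_domain.lower()
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    collector = _LinkCollector()
    collector.feed(msg.get_payload() if not msg.is_multipart() else "")
    hosts = [(urlparse(u).hostname or "").lower() for u in collector.links]
    flags = {
        # "HR Team" display name on a From address outside the organisation
        "internal_label_external_sender": sender_domain != org
            and any(label in display.lower() for label in INTERNAL_LABELS),
        # Subject dangles a bonus/salary or a password/policy prompt
        "lure_subject": any(w in msg.get("Subject", "").lower() for w in LURE_WORDS),
        # Minimal body whose only link leads away from the organisation
        "single_external_link": len(hosts) == 1 and not _in_org(hosts[0], org),
    }
    flags["suspicious"] = sum(flags.values()) >= 2
    return flags

# Constructed sample modelled on the post; the link target is a placeholder, not the real URL.
SAMPLE = """\
From: HR Team <admin@marvelautos.com>
Subject: August 2025 salary bonus has been approved
Content-Type: text/html; charset=utf-8

<html><body><a href="https://bonus-portal.example/login">View Bonus Details</a></body></html>
"""
```

Run `score_message(SAMPLE, "example-corp.com")` to see all three flags raised; a genuine HR notice sent from the organisation's own domain with an intranet link raises none.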

Stay Safe, Know the Signs

MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.

Avoid emails that:

  • Aren’t addressed to you personally.
  • Are unexpected and urge immediate action.
  • Contain poor grammar or miss crucial identifying details.
  • Direct you to a suspicious URL that isn’t associated with the genuine company.

Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One Email Is All That It Takes

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.

For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day' email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
