MailGuard has detected a new phishing attack exploiting the trademarks of the Law Council of Australia, Office 365, Yahoo, GoDaddy, Hotmail, AOL, The Law Institute of Victoria, and many others.
This phishing attack is aimed at collecting the login names and passwords of victims.
The simple scam email is in plain text:
If the recipient clicks on the “click here to read” link, they are taken to a PDF document with a malicious link that opens this phishing page:
This page offers the victim a range of different “login” options - Office 365, Yahoo, GoDaddy, Hotmail, AOL, etc. - all of which are fake, of course.
Any login details entered on this phishing page are captured by the criminals behind the attack to be used in identity theft and social engineering attacks.
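A defender can flag this page pattern (one password form presented under several unrelated brands on a host that belongs to none of them) with a simple content check. The following is an added example, not MailGuard's detection logic; the brand-to-domain map, the function names, the sample HTML and the `example.net` host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brands named in the article, mapped to sign-in domains (assumed, not exhaustive).
BRAND_DOMAINS = {
    "office 365": {"office.com", "microsoftonline.com", "microsoft.com"},
    "yahoo": {"yahoo.com"},
    "godaddy": {"godaddy.com"},
    "hotmail": {"hotmail.com", "live.com", "outlook.com"},
    "aol": {"aol.com"},
}

class _PageScan(HTMLParser):
    """Collects visible text, alt/title/value attributes, and password inputs."""
    def __init__(self):
        super().__init__()
        self.words = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        self.words.extend(v for k, v in attrs.items() if k in ("alt", "title", "value") and v)

    def handle_data(self, data):
        self.words.append(data)

def host_owned_by(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def analyze_page(url, html):
    """Flag a page that asks for a password under three or more brands
    while being served from a host that belongs to none of them."""
    scan = _PageScan()
    scan.feed(html)
    text = " ".join(scan.words).lower()
    host = (urlsplit(url).hostname or "").lower()
    brands = sorted(b for b in BRAND_DOMAINS if re.search(r"\b" + re.escape(b) + r"\b", text))
    on_brand_host = any(host_owned_by(host, BRAND_DOMAINS[b]) for b in brands)
    suspicious = scan.has_password_field and len(brands) >= 3 and not on_brand_host
    return {"host": host, "brands": brands, "suspicious": suspicious}

# Constructed samples (not taken from the campaign); example.net is a placeholder.
SAMPLE_PHISH = """<h1>Select your email provider to view the document</h1>
<img src="a.png" alt="Office 365"><button>Yahoo</button><button>GoDaddy</button>
<button>Hotmail</button><button>AOL</button><form><input type="password" name="p"></form>"""
SAMPLE_LEGIT = '<h1>Sign in to Yahoo</h1><form><input type="password" name="p"></form>'
```

The subdomain check compares the end of the hostname, so a lookalike such as `yahoo.com.example.net` is not treated as a Yahoo host.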
What is "phishing"?
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.
Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out, somebody will probably take the bait.
A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.
Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
What is "brandjacking"?
Brandjacking is basically a kind of forgery. Scammers use the trademarks of well-known companies in their emails to deceive their victims and gain their trust.
In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam message shows up in a victim’s inbox, they feel safe opening it because it looks like a legitimate message from a familiar company.
Some commonly used brandjacking formats are fake invoice notifications or requests for account verification.