MailGuard is today blocking a large run of phishing emails impersonating multinational technology giant Microsoft, which hit thousands of inboxes in Australia and beyond this morning.
At the time of writing, none of 67 commonly-used scam-detection vendors were flagging the email as malicious.
It’s an increasingly popular tactic by scammers: leveraging the trust gained by household names. The ploy has led to a spike in the number of scam emails impersonating popular brands such as Australia Post, DropBox, PayPal, Optus, eBay, DHL, AGL, NAB and Telstra.
It’s easy to see why: they’re reputable companies whose services are used by millions of people. If just a few people fall victim, it’s potentially a mammoth payday for the cybercriminals.
Today’s fake Microsoft scam contains a PDF attachment linking to a fake log-in page. It’s designed to harvest recipients' Microsoft log-in credentials.
Here’s how the new scam works: An email arrives, purporting to be from Microsoft, with the subtitle: ‘Microsoft email verification’. It tells recipients their accounts will be suspended if they fail to complete the account verification process.
Instead of embedding a link within the email, a PDF attachment contains the phishing link (above). This makes it more difficult for Realtime Blackhole Lists (RBL) to detect the scam. RBLs keep track of domain names and IP addresses known to generate spam.
This tactic is popular for two reasons: email scanners can’t typically read the text in a PDF file, and the link itself is housed away from the email body.
Those who open the PDF file and click the link are taken to a fake Microsoft portal where they’re asked to input their email address and password.
Clicking ‘Continue’ redirects victims to a legitimate Microsoft sign-in site, to make the process seem authentic.
What if I received this email?
Microsoft’s website offers instructions on how to recognise and report a potential scam.
How MailGuard can protect you and your business
The financial, reputational and litigation costs associated with phishing can be huge, and it’s important that your business takes steps to protect itself.
By employing a cloud-based email and web filtering solution such as MailGuard, you’ll also reduce the risk of these new variants of phishing from entering your network in the first place.
Our benchmarking shows that MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing new attacks.
Find more tips on identifying email scams by subscribing to MailGuard’s blog.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.