Akankasha Dewan 29 August 2019 16:49:44 AEST 3 MIN READ

Building contract invoice email delivers phishing attack

Malicious links can be disguised as almost anything, and cybercriminals routinely exploit this when tricking unsuspecting victims. Earlier this morning (AEST) MailGuard intercepted a fraudulent email that uses a PDF thumbnail image to hide a malicious link.

The email masquerades as a notification announcing the arrival of a building contract invoice. MailGuard understands the email actually originates from a single compromised email address.

The body of the email contains a PDF thumbnail and instructs recipients to review it, referring to ‘the necessary steps to take in completing this project and getting this invoice’. A signature at the end of the email claims it was sent by an ‘Office Administrator’, and a logo purporting to be that of the spoofed company is also included.

Here is a screenshot of the email:

[Screenshot: the phishing email, showing the PDF thumbnail]

Unsuspecting recipients who click the PDF thumbnail are first sent to an intermediate URL, which then redirects them to a second URL hosting a fake Office 365-branded login form, as seen in the screenshot below:

[Screenshot: the fake Office 365 login page]

This is an actual phishing page designed to harvest Office 365 users' credentials.
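A practical check against this kind of lure is to look at where the links in an HTML email actually point, regardless of how they are dressed up. The following Python script is an added example and not MailGuard's code: it parses a constructed message modelled on the one described above (the sender address, hosts and paths are invented), collects every link, and reports any that is wrapped around an image, presents that image as a document, or leads to a host outside the sender's domain. It does not follow the redirect chain, so it runs offline.

```python
"""Flag links hidden behind images in an HTML email.

Added example modelled on the lure described above; not MailGuard's code.
The sender address, hosts and paths below are invented for illustration.
"""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the intercepted email.
SAMPLE_EMAIL = b"""\
From: Office Administrator <admin@example-builders.com.au>
To: accounts@example.net
Subject: Building contract invoice
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the secured doccument for the necessary steps.</p>
<a href="http://redirect.example.org/go?id=42"><img src="cid:thumb" alt="invoice.pdf"></a>
<p>Regards,<br>Office Administrator</p>
<p><a href="http://example-builders.com.au/about">About us</a></p>
</body></html>
"""

DOCUMENT_SUFFIXES = (".pdf", ".doc", ".docx", ".xls", ".xlsx")


class LinkCollector(HTMLParser):
    """Record every <a href=...> and whether an <img> appears inside it."""

    def __init__(self):
        super().__init__()
        self.links = []       # one dict per anchor: href, image_wrapped, image_alt
        self._current = None  # anchor currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = {"href": attrs["href"], "image_wrapped": False, "image_alt": ""}
        elif tag == "img" and self._current is not None:
            # An image inside an anchor: the visible "thumbnail" is the link.
            self._current["image_wrapped"] = True
            self._current["image_alt"] = attrs.get("alt") or ""

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def sender_domain(msg):
    """Domain of the first address in the From header, lower-cased."""
    return msg["from"].addresses[0].domain.lower()


def analyse(raw_message):
    """Return [(href, [reasons...])] for every link that looks suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return []
    collector = LinkCollector()
    collector.feed(html_part.get_content())
    sender = sender_domain(msg)

    findings = []
    for link in collector.links:
        host = (urlsplit(link["href"]).hostname or "").lower()
        reasons = []
        if link["image_wrapped"]:
            reasons.append("link is hidden behind an image")
            if link["image_alt"].lower().endswith(DOCUMENT_SUFFIXES):
                reasons.append(f"image is presented as a document ({link['image_alt']})")
        # A link to the sender's own domain (or a subdomain) is unremarkable;
        # anything else is worth a second look.
        if host and host != sender and not host.endswith("." + sender):
            reasons.append(f"destination {host} is outside sender domain {sender}")
        if reasons:
            findings.append((link["href"], reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyse(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the thumbnail link is reported with all three reasons while the plain "About us" link to the sender's own domain is not. The sender-domain comparison is deliberately crude: it only catches mismatches with the From header, and a compromised legitimate account, as in this campaign, will pass it, which is why the image-wrapped and document-lookalike checks matter more here.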

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

While this email scam incorporates the logo of the company it purports to be from, it raises several red flags that point to it being a scam. For example, the email is poorly worded and contains spelling mistakes such as ‘the secured doccument’.

The above email scam is a good example of how cybercriminals leverage routine business correspondence to trick unsuspecting recipients. Even if a potential victim doesn't recognise the sender details, they might conceivably click the thumbnail to open the ‘document’ out of curiosity.

MailGuard urges all email users to be vigilant when accessing their emails and to look out for the tell-tale signs of malicious messages.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider, are not addressed to you by name, and may include poor grammar.
  • Ask you to click on a link within the email body in order to access the sender's website.
  • Ask you to submit personal information that the sender should already have access to.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure.
