MailGuard has intercepted a phishing email masquerading as an alert about a “progress claim”.
The email is sent from a compromised email account belonging to a COO working in an Australian-based company. The email invites recipients to view an “enclosed progress claim” and appears to be a forward of an automated alert. The alert informs recipients that two messages were sent to them on 11th January 2021. A link is provided to access these messages, with a warning that the files will be deleted after 24 hours “to protect your privacy”.
Here’s what the email looks like:
Unsuspecting recipients who click on the link to view the messages are led to a login page that asks them to verify their account. The page contains an altered version of the Microsoft Office logo. However, the domain used in the URL of the page doesn’t belong to Microsoft – a huge red flag pointing to the email's illegitimacy.
This is actually a phishing page hosted on a compromised website for a company in Nigeria. Once users insert their email address and password, the attacker harvests them for later use, and users are met with an error saying their credentials are invalid, as per below:
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
By claiming to share a new progress claim, this email scam aims to intrigue recipients, with the inclusion of a 24 hour deadline motivating them to click on the link to view it as soon as possible. The presence of safety disclaimers in the email (like “Message from safe source”) are also likely included in order to boost the legitimacy of the email.
Another technique employed by this email scam to trick users is the usage of Microsoft Office 365’s logo in the phishing pages. Cybercriminals frequently exploit the branding of global companies like Microsoft in their scams because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. Their established brand helps convince recipients that the files being shared via this email are secure.
In addition, scams that are initiated from compromised email accounts are particularly dangerous, for a number of reasons:
Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s in-authenticity. These include the fact that the email doesn’t address the recipient directly, and that it contains several formatting errors.
As a precaution, MailGuard urges you not to click links within emails that:
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.