MailGuard has intercepted a phishing email masquerading as a security notification, sent supposedly from “Outlook Web Application”.
Titled “Last Warning For Validation Now”, the email body includes a header with the words “Outlook Web App”. It instructs users to validate their account, informing them their admin service “will not be held responsible for any problems” should they fail to do so. A link is provided for users to validate their accounts, and the email ends with a sign off from “The Outlook Web Application Team”, along with a footer claiming the email is from the “Microsoft 2020 Mail Center”. However, the email address in the “from:” field doesn’t use a domain belonging to Microsoft, or from the recipient's company. In addition, the email body employs no official branding elements. It actually originates from compromised servers based overseas.
Here’s what the email looks like:
Unsuspecting recipients who click on the email are led to an intermediary page that automatically redirects them, then leads to a login page asking them for their email address and password, as per the below:
This is a phishing page hosted on an external file storage system. Once users “sign in”, the attacker harvests their credentials for later use, and users are redirected to the website associated with their domain. Interestingly, this page does automatic checks to generate targeted branding based on recipients’ email addresses. It automatically fills in details (the recipient’s company name and logo) based on the domain provided in the recipient’s email address. It appears that the icon is pulled dynamically from the favicon of the website associated with the domain – this is likely an attempt to boost the credibility of the phishing page and convince recipients that the email is actually sent from a legitimate source associated with the recipient.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
The phishing email contains several typical elements that attempt to trick recipients into falling for the scam:
- purporting to be from a relevant authority to inspire false trust; the use of the ‘Outlook Web Application’ header and,
- an attempt to alarm; using a subject line containing the words “Last Warning” creates a sense of urgency & intrigue, motivating recipients to validate their accounts by clicking on the malicious link without pausing to check for its legitimacy.
Despite these elements, the email in itself contains several tell-tale signs that commonly belong to fraudulent emails and should help eagle-eyed recipients point to its illegitimacy. These include spelling errors (like “Admin! service”) and awkward spacing, as well as the fact that the domain used in the “From:” address and in the phishing page link is a suspicious one. These red-flags highlight the importance of phishing training for employees of any company, as this particular attack could be thwarted by checking for these red flags before taking any action.
Cybercriminals frequently impersonate global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Microsoft is a regular victim of these scams.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.