Confidential business documents such as contracts, legal documents and finance records are commonly passed on from one recipient to another via email. But how can you tell if links to such important documents are safe to click when they appear in your inbox?
That question became all the more pertinent when MailGuard detected a new phishing email scam infiltrating inboxes around late morning today (AEST). Using a display name of a compromised user, the email appears to be ‘generated by Egnyte’ and is sent via the software company’s domain.
The message body advises the recipient that the sender has shared a file with them, titled ‘UNSW Law Investment Document (Important)’. A link is provided to view the file, which is in PDF format. Here is a screenshot of the email:
Unsuspecting recipients who click on the link to open the document are led to what appears to be a authentic-looking WeTransfer email for sharing a file. A link is present to "view folder."
Clicking on the ‘view folder’ link leads recipients to an Office 365 phishing page, as per the screenshot below:
As you can see from all of the screenshots above, cybercriminals have utilized high quality graphical elements when spoofing all 3 brands: Egnyte, WeTransfer and Office 365. Their logos and branding have been incorporated with great care to make the email look as legitimate as possible, including tiny details such as copyright statements from WeTransfer at the end of page. Having convinced recipients that the email is actually from established brands, cybercriminals exploit the trusted reputation of the 3 companies to trick the companies’ immensely large customer bases into divulging their confidential data.
This scam is also well-executed because of the nature of the document it purports to provide access to for the recipient. By stating the fact that it is an ‘important’ legal document, the email leverages on the curiosity of recipients, who may be interested to explore the confidential, intriguing nature of the document and click on it without too much hesitation.
MailGuard urges all email users to be vigilant when clicking on any links in emails, no matter how important they may seem to be.
What is "phishing?"
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.
Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.
A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.
Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
Take Action to Defend Your Business
Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; take action to protect your business and your staff from financial and reputational damage, now.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.