Akankasha Dewan 10 October 2019 11:04:06 AEDT 3 MIN READ

Email containing ‘audio file’ attachment delivers phishing attack

MailGuard has detected a new phishing email scam that uses an ‘audio file’ to deliver a phishing attack.

The malicious emails were first detected this morning (AEST), the 9th of October. The display name used for the emails includes the recipient’s domain. The emails were actually sent from a compromised account.

The email messages have no body. Instead, they contain an HTML attachment which appears as a loading screen. The screen displays two messages: "Fetching your audio file ..." and "You will be redirected in 5 seconds ...".

Here is a screenshot of the email:

[Screenshot: audio file]

After 5 seconds on this page, the user is redirected to a fake Office 365 branded login page, which has their email address pre-filled.

[Screenshot: Audio file phishing page]

Unsuspecting recipients who click on their account name are then led to a phishing page which asks them to insert their password, as per the below:

[Screenshot: Audio file password]

Once a user logs in, they are shown a message stating their password is wrong and asked to put it in again. This is displayed every time a password is entered and never progresses from here.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click on it.

As you can see from the screenshots above, cybercriminals have attempted to boost the credibility of this email scam by incorporating Microsoft’s logo and branding using high quality graphical elements.

Despite this attempt, eagle-eyed recipients would be able to identify the inauthenticity of the email due to several red flags. These include the fact that the recipient isn’t directly addressed in the email and that there is, in fact, no email body.
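The traits described above (no message body, an HTML attachment, and a timed redirect) can also be checked mechanically at a mail gateway or during triage. The following is an added example, not MailGuard's detection logic: the sample message, the placeholder URL, the function names and the assumption that the redirect uses a meta refresh or a JavaScript timer are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: empty body plus an HTML attachment that redirects after 5 s.
# Addresses, subject and URL are placeholders, not values from the real campaign.
SAMPLE = """\
From: "example.com" <sender@compromised.example>
To: user@example.com
Subject: New audio message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

--b1
Content-Type: text/html; name="audio.html"
Content-Disposition: attachment; filename="audio.html"

<html><head><meta http-equiv="refresh" content="5; url=https://login.invalid/"></head>
<body>Fetching your audio file ...</body></html>
--b1--
"""

# Assumption: the redirect is a meta refresh or a JavaScript timer that sets location.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\']?\s*\d+\s*;\s*url=', re.I)
JS_REDIRECT = re.compile(r'setTimeout\s*\(.{0,200}?location', re.I | re.S)

def analyse(raw):
    """Return the three traits of this scam found in a raw RFC 822 message."""
    findings = {"empty_body": True, "html_attachment": False, "timed_redirect": False}
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
        attached = part.get_content_disposition() == "attachment"
        name = (part.get_filename() or "").lower()
        if attached and (part.get_content_type() == "text/html"
                         or name.endswith((".htm", ".html"))):
            findings["html_attachment"] = True
            findings["timed_redirect"] |= bool(
                META_REFRESH.search(text) or JS_REDIRECT.search(text))
        elif not attached and text.strip():
            findings["empty_body"] = False  # a visible body is present
    return findings

def is_suspicious(raw):
    # Flag only when all three traits occur together, to limit false positives.
    return all(analyse(raw).values())
```

Each trait is weak evidence on its own, so treat a match on all three as a reason to quarantine or review the message rather than as proof.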

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. a tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files or messages, including audio notes.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 
