Email containing ‘protected message’ ironically includes malicious link

Posted by Akankasha Dewan on 23 August 2019 13:34:52 AEST

Every day, cybercriminals are getting sneakier and launching email scams that aim to trick recipients.

MailGuard intercepted one such deceptive email on the morning of 22 August (AEST). This email scam is highly similar to the one intercepted yesterday purporting to be from an ‘account manager’.

The email infiltrated Australian inboxes from a single compromised email address. MailGuard understands that the cybercriminals behind this scam have used the victim's email account to send the unsolicited messages. It is titled ‘Invoice/statement’.

While the body of the email is largely empty, it contains a text box instructing recipients in a short message to ‘view message’ along with a link to do so.

Here is a screenshot of the email:

[Image: invoice statement]

Unsuspecting recipients who click the link to ‘view document’ are led to a fake login page incorporating Microsoft branding, as shown below:

[Image: login 2308]

This is actually a phishing page designed to harvest confidential details of users. Once the form is submitted, the user is redirected to the real Microsoft login page.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

This email scam preys on the curiosity of recipients who might wonder about the nature of this unexpected message, motivating them to click on the link to view it as soon as possible. The fact that it is presented as a ‘protected message’ serves to boost its credibility. The inclusion of Microsoft’s privacy statement and a footer warning recipients about the dangers of misusing the message further serves to convince recipients of its authenticity.

However, despite these attempts, several red flags appear in the actual email that would make any eagle-eyed recipient conscious of its inauthenticity. These include the lack of an actual message body. In addition, the recipient isn’t addressed directly.   

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider, and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company directly and ask whether the email is legitimate.
  • Offer money, a reward or a gift to entice you to hand over your personal details.
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place.
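
The red flags described above (a largely empty body, no direct address to the recipient, and a link offered to ‘view message’) can be checked mechanically when triaging reported mail. The following Python is an added example, not MailGuard's filtering logic; the word threshold, the flag names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TAG_RE = re.compile(r"<[^>]+>")
CTA_RE = re.compile(r"\bview\s+(message|document)\b", re.I)  # wording quoted in the post
MIN_WORDS = 20  # assumed cut-off for a "largely empty" body

# Constructed samples; addresses and URL are placeholders.
SAMPLE_SCAM = """\
From: sender@example.invalid
To: pat@example.invalid
Subject: Invoice/statement

You have a protected message. View message:
https://example.invalid/view
"""
SAMPLE_OK = """\
From: sam@example.invalid
To: pat@example.invalid
Subject: Statement for March

Hi Pat, thanks for meeting with us on Tuesday. The statement we discussed matches the
purchase order you sent last week. Let me know if anything looks off. Regards, Sam
"""

def body_text(raw):
    """Return the decoded text/plain and text/html parts of a raw message."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def red_flags(raw, recipient_name):
    """List which of the post's red flags a message shows."""
    body = body_text(raw)
    text = TAG_RE.sub(" ", URL_RE.sub(" ", body))  # drop URLs, then HTML tags
    flags = []
    if URL_RE.search(body) and CTA_RE.search(text):
        flags.append("link-to-view-message")
    if len(re.findall(r"[A-Za-z']+", text)) < MIN_WORDS:
        flags.append("near-empty-body")
    if not re.search(rf"\b{re.escape(recipient_name)}\b", text, re.I):
        flags.append("recipient-not-addressed")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE_SCAM, "Pat"), red_flags(SAMPLE_OK, "Pat"))
```

A message sent from a compromised account passes sender authentication, so content checks like these complement, rather than replace, sender-based filtering.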

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Topics: Xero
