Email delivering shared document carries phishing attack

Posted by Akankasha Dewan on 22 August 2019 17:38:37 AEST

Don’t be so quick to click on everything you see in your email – especially if it is from someone you weren’t expecting to hear from. 

MailGuard has intercepted a new phishing email containing malicious links. The emails were first detected earlier today, 22nd of August (AEST). The body of the email is simple, advising recipients that a new document has been shared with them. A link is provided to view the document, along with a signature from an ‘account manager’. The fraudulent email actually comes from a single compromised email account.

Here is a screenshot of the email:


Unsuspecting recipients who click on the link to view the document are led to a replica of a file sharing page.

box scam 2208

Clicking on the button to ‘log in’ will lead users to a page asking users to choose their preferred email provider to log in to. A range of email providers is provided, such as Yahoo, Hotmail etc.

login page (2)This is a phishing page designed to harvest confidential data of users.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

Several techniques have been employed in this particular email to look like a genuine notification, including the usage of high-quality graphical elements in the phishing page. The inclusion of the sender’s signature and address is another tactic to make the email look legitimate. All this serves to elicit a more confident response from recipients who think they are, in fact, viewing a document from a legitimate sender.

This email also attempts to intrigue; telling the recipient that a new document has arrived creates a sense of curiosity. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all