Don’t be so quick to click on everything you see in your email – especially if it is from someone you weren’t expecting to hear from.
MailGuard has intercepted a new phishing email containing malicious links. The emails were first detected earlier today, 22nd of August (AEST). The body of the email is simple, advising recipients that a new document has been shared with them. A link is provided to view the document, along with a signature from an ‘account manager’. The fraudulent email actually comes from a single compromised email account.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link to view the document are led to a replica of a file sharing page.
Clicking on the button to ‘log in’ will lead users to a page asking users to choose their preferred email provider to log in to. A range of email providers is provided, such as Yahoo, Hotmail etc.
This is a phishing page designed to harvest confidential data of users.
MailGuard urges all recipients of this email to delete it immediately without clicking on any links.
Several techniques have been employed in this particular email to look like a genuine notification, including the usage of high-quality graphical elements in the phishing page. The inclusion of the sender’s signature and address is another tactic to make the email look legitimate. All this serves to elicit a more confident response from recipients who think they are, in fact, viewing a document from a legitimate sender.
This email also attempts to intrigue; telling the recipient that a new document has arrived creates a sense of curiosity. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to click on any suspicious links.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: