Akankasha Dewan, 28 April 2020 12:50:54 AEST

Email notifying users of a “new Recorded Voice Mail” leads to fake Microsoft Outlook-branded phishing page

MailGuard has detected and successfully intercepted a new phishing email scam that uses a ‘voice mail’ to deliver a phishing attack.

Using a display name of “Candace Plunkett”, the malicious emails are titled “You have received a new Recorded Voice Mail”. The sender email address uses a domain belonging to iPROMOTEu.com. We discovered that the email actually originates from multiple, randomly generated sender addresses hosted on hubspotemail.net. However, the display name and the sender email address used in the emails don’t change.

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the button are redirected to a fake Outlook-branded login page. Hosted on a domain starting with “oliro.org”, this is a phishing page designed to harvest users’ data:

[Screenshots: the fake Outlook-branded login page]

Upon “signing in”, users are informed their passwords are incorrect, as per the below screenshot:

[Screenshot: the “incorrect password” message]

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:

  • The use of an email subject like “You have received a new Recorded Voice Mail”. This creates intrigue among recipients, who may be curious enough to click on the link in the email without pausing to check for its validity. Since voicemail messages like these do typically require users to click a link to listen to messages or download audio files, they are a convenient trojan horse for malicious attacks like this one and may not raise any alarm bells.

  • The phishing page that the email leads to includes Microsoft Outlook’s branding and logo – again helping to boost the page’s legitimacy.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that the domain in the phishing page doesn’t belong to Outlook.

Cybercriminals also frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open these emails or click on anything in them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 
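
The sender mismatch described earlier in this alert and the last check in the list above can both be automated as mail triage. The Python below is an added example, not MailGuard's code or detection logic; the display name and subject come from the alert, while every address and host in the sample message is a constructed `.example` placeholder and the function names are hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: display name and subject are from the alert; every
# address and host is a reserved .example placeholder.
SAMPLE = b"""\
Return-Path: <bounce-7f3a9c@bulk-mailer.example>
From: "Candace Plunkett" <candace@sender-brand.example>
To: staff@recipient.example
Subject: You have received a new Recorded Voice Mail
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>New voice message received.</p>
<a href="https://voicemail.login-portal.example/listen">Play message</a>
</body></html>
"""

LURE = re.compile(r"\bvoice ?mail\b", re.I)
HREF = re.compile(r"""href=["'](https?://[^"']+)""", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def related(host, domain):
    """Same domain or a subdomain of it (simplified: no public-suffix list)."""
    return bool(host and domain) and (host == domain or host.endswith("." + domain))

def red_flags(raw):
    """Return triage flags for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    flags = []
    # Visible From domain differs from the envelope sender's domain.
    if rp_dom and not (related(rp_dom, from_dom) or related(from_dom, rp_dom)):
        flags.append(f"sender-mismatch: From={from_dom} Return-Path={rp_dom}")
    if LURE.search(str(msg["Subject"] or "")):
        flags.append("voicemail-lure-subject")
    # Links that leave the domain the message claims to come from.
    body = msg.get_body(preferencelist=("html", "plain"))
    for url in HREF.findall(body.get_content() if body else ""):
        host = (urlparse(url).hostname or "").lower()
        if not related(host, from_dom):
            flags.append(f"off-domain-link: {host}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

Treat the flags as triage signals rather than verdicts: legitimate bulk mail sent through an email service provider also shows a Return-Path domain that differs from the From domain.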

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
