Daniel Graziano 28 September 2015 15:02:00 AEST 2 MIN READ

Email Phishing Scam Targeting Microsoft Outlook Web Access Users

MailGuard have identified and successfully blocked an email phishing attack targeted at recipients using Microsoft’s Outlook Web Application (OWA).

Here is a screenshot of the type of email to watch out for:

outlook-web-access-email-phishing-scamAs you can see in the example above, this plain text email originates from a broad and generic sender, ‘Webmail’. These spammers send these emails to hundreds of companies, and as a result use a nonspecific ‘Webmail’ sender address as part of their plan to confuse mass recipients.

Aside from some informal language, this email is a rather convincing phishing email attack.

In this particular variation, recipients that click through to “verify [their] email box account” and access their pending emails are directed to a bogus page that resembles the Microsoft OWA login interface.

outlook-web-app-email-phishing-scam-landing-page-form

This attack can leave recipients particularly vulnerable as they may have had an existing OWA session open in another tab, and not cross checked the URL field to reveal that this is a phishing scam.

As you can see in the example above, there are a few immediate signs that this landing page is a scam.

  • The URL/web address field. This should be your first checkpoint when identifying potential email scams as so many disasters can be averted by taking a quick glance. This particular scam reveals that this a Wix.com hosted landing page.
  • As mentioned above, this clone login page is hosted with Wix.com. Microsoft do not host their landing pages with a free hosting service like Wix.
  • Lastly, the copyright date below the form submit field reads, ‘2010’. A legitimate vendor like Microsoft would not publish a landing page without the correct copyright date.

Upon entering their user name, email and password, the victim is redirected to the following page indicating successful form completion.

outlook-web-app-email-phishing-scam-landing-page-successful

The cyber criminal team responsible for the phishing attack can now use the stolen credentials to hijack the victim’s Microsoft account, alongside any other accounts which use the same login credentials.

As a precaution, we urge you to delete emails that:

  • Appear to be from a legitimate company and are not addressed to you by name or are written in poor English.
  • Require you to click a link in the email body to verify your identity.
  • Have an unusual request that you would not expect to receive from the official purported sender.

Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams.

Microsoft® and Outlook® are registered trademarks of Microsoft Corporation in the United States and/or other countries.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top