Akankasha Dewan 12 May 2020 14:06:08 AEST

Email uses attached “supply list” to deliver phishing attack

MailGuard has intercepted a phishing email titled “Supply List Demand” that uses a malicious attachment to trick users into handing over their confidential information. 

The display name used in the email is “David” while the “to” field includes an email address. The email actually originates from a single compromised email address.

The body of the message is in plain text. It asks recipients to “deliver the attached supply list” and says that a “permit” will be received on the 12th of May. An attachment is included in the form of a .PDF file. The file is named using the same email address that is included in the “to” field.

Here is what the email looks like:

Scam1205_1

Scam1205_2

Upon opening the attachment, a file appears with its background blurred. This blurred background appears to use the branding and logo of the Silicon Valley Bank. Interestingly, this background is similar to one that was used in another phishing scam that we intercepted a few weeks ago. Users viewing this attachment are prompted to enter their Microsoft Outlook password to log in and see the file. Here is what the file looks like:

Scam1205_3

Once users “log in” to their accounts, they are redirected to a document that is hosted on OneDrive, as per the below:

Scam1205_4

Scam1206_5

While the email itself is plain text and isn’t exactly sophisticated in design, cybercriminals have included several elements in the scam to avoid detection. These include the fact that the malicious phishing link isn’t within the actual message body, but hidden within the attachment containing the HTML page. The use of a similar-looking template in the .PDF file (with the SVB logo in the background) demonstrates how easy it is for criminals to replicate existing scams to trick users.
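A mail filter can still key on the traits described above: an attachment named after the recipient, a link that appears only inside the attachment, and a password prompt in the attached page. The sketch below is an added example, not MailGuard's detection logic; the sample message, its addresses and URL are constructed placeholders, and it assumes the attachment content can be read as HTML text (a real PDF would need a PDF parser first).

```python
import re
from email import message_from_string
from email.utils import getaddresses

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PASSWORD_RE = re.compile(r"type\s*=\s*[\"']?password", re.I)
# Constructed sample modelled on the article's description; every address and
# URL is a placeholder. Assumption: the ".pdf" attachment carries HTML text.
SAMPLE = """\
From: David <sender@example.org>
To: user@example.com
Subject: Supply List Demand
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please deliver the attached supply list.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="user@example.com.pdf"

<form action="https://login.example.net/post"><input type="password"></form>
--b1--
"""

def triage(raw):
    """Return the names of the article's indicators that this message matches."""
    msg = message_from_string(raw)
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a}
    body, attachments = "", []
    for part in msg.walk():  # multipart containers decode to empty text
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        name = part.get_filename()
        if name:
            attachments.append((name.lower(), text))
        elif part.get_content_type() == "text/plain":
            body += text
    hits = []
    if any(r in name for name, _ in attachments for r in rcpts):
        hits.append("attachment_named_after_recipient")
    if not URL_RE.search(body) and any(URL_RE.search(t) for _, t in attachments):
        hits.append("link_only_in_attachment")
    if any(PASSWORD_RE.search(t) for _, t in attachments):
        hits.append("password_prompt_in_attachment")
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each indicator alone is weak; a message that matches all three is a strong candidate for quarantine and review.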

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly.

MailGuard urges all cyber users to be vigilant when accessing their emails and look out for tell-tale signs of malicious emails.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
