Emmanuel Marshall 30 October 2017 17:58:03 AEDT

New Email Scam: Fake Microsoft Website Designed to Trick Scam Victims

 

In the early hours of this morning a new email phishing scam emerged, impersonating Microsoft Office 365. 

The attack consists of a deceptively simple HTML email message, telling the recipient that their email account is over quota and that they need to upgrade their plan.

If the victim clicks on the link in the email they are taken to a fake website, pretending to be a portal for Microsoft Office 365. 

This is not a real Microsoft website. Although the graphic design of the web page looks quite good, this is a fake website used by hackers to collect login data from unsuspecting victims.

The scam was detected and blocked by MailGuard.

Because of its large number of users globally, Office 365 is a regular target of these brand-impersonation scams.


The image below shows the format of the phishing message we intercepted:

[Screenshot: the phishing email, titled "Important Update.", displayed in Mozilla Thunderbird]

If the victim clicks on the link in the email they are taken to a fake website, pretending to be a portal for Microsoft Office 365, as shown in the screenshot below:

[Screenshot: the fake "Office 365 Portal" page, displayed in Mozilla Firefox]



 

Trusted Brands are Often Used by Cyber-Criminals

Cyber-criminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security.

Anyone who follows the link in this phishing email will be asked to enter their login credentials on the fake Microsoft website. Once the scammers have successfully collected the victim’s username and password they pass the victim on to the legitimate Office 365 website, to avoid arousing their suspicion.

 

Have You Been Targeted?

If you think you may have received this phishing email, check the sender details carefully. The sender details we saw in the messages we detected were:

display address: theresa(at)vistamfg(dot)com
sending address: t.beasley(at)vistamfg(dot)com

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or phishing attacks. Obviously, this bogus email does not originate from a Microsoft email domain.
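
The sender check described above can be automated. The following is an added example, not MailGuard's code and not part of the original alert: it flags a message whose display name or subject claims Microsoft branding while the From domain is outside an allowlist, and whose displayed From address differs from the sending address. Assumptions: the "sending address" is read from the Return-Path header, the allowlist and keyword list are illustrative, and the sample message is constructed with placeholder `.example` addresses.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allowlist of domains accepted for Microsoft-branded mail.
TRUSTED_BRAND_DOMAINS = {"microsoft.com", "office.com"}
BRAND_KEYWORDS = ("microsoft", "office 365", "office365")

# Constructed sample: addresses use the reserved .example TLD, headers are invented.
SAMPLE = (
    "Return-Path: <t.beasley@sender.example>\n"
    'From: "Microsoft Office 365" <theresa@sender.example>\n'
    "Subject: Important Update.\n"
    "\n"
    "Your mailbox is over quota. Upgrade your plan.\n"
)

def domain_of(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_trusted(domain):
    """Exact match or true subdomain only, so 'microsoft.com.sender.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_BRAND_DOMAINS)

def check_sender(raw_message):
    """Return a list of findings about the sender headers of one message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    findings = []
    # The brand is claimed in the display name or subject, not in the address.
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    if any(k in claimed for k in BRAND_KEYWORDS) and not in_trusted(domain_of(from_addr)):
        findings.append("brand-claimed-from-untrusted-domain")
    # Displayed From address differs from the address the mail was sent with.
    if return_path and return_path.lower() != from_addr.lower():
        findings.append("from-differs-from-return-path")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print(finding)
```

A From/Return-Path mismatch also occurs in legitimate bulk mail that uses bounce addresses, so treat it as a weak signal that matters mainly when combined with the brand-domain finding.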

 

Phishing Is Still the #1 Threat

Like the recent Telstra scam, this latest phishing attack leverages the reputation of a well-known and trusted brand to win the trust of victims. The continued rise of cybercrime, and the relentless attacks on email inboxes by scammers mimicking major brands, should serve as a reminder for us all to be cautious about the links we click on. Readily available web tools make it very easy for cyber-criminals to create fake websites that look almost exactly like the real thing, so always remember to check the URL of a page before you trust it.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your web accounts.

 

Take Action to Defend Your Business

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; take action to protect your business and your staff from financial and reputational damage, now.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.