Generic email spoofs Microsoft Exchange; delivers phishing attack

Posted by Akankasha Dewan on 10 May 2019 12:43:43 AEST

Careful not to click through on the latest email phishing scam impersonating Microsoft Exchange. The first run of the attack began hitting email inboxes on Thursday morning AEST, 9th May 2019.

A simple plain-text email with the subject reading ‘Technical Support’ alerts recipients that they have identified a ‘misuse’ of their account and asks that they validate their Microsoft Exchange Outlook account.

The email threatens that failure to do so will result in account inactivation and gives them 48 hours to do so. Here is a screenshot of the email:

Generic exchange phishing email

A link is provided in the email to update their account. MailGuard understands unsuspecting recipients who click on the link are led to a suspicious website:

phishing email site

This is a phishing page, designed to harvest confidential information of users.

As you can see in the screenshots above, the email isn’t sophisticated in its design. Rather, plain-text and simple graphical elements have been used both in the actual email and the corresponding phishing page. Saying that however, cybercriminals have used several techniques to trick recipients into clicking on the link. This includes providing them a deadline of ’48 hours’ to update their account in order to prevent it from being deactivated. Doing so brings forth a sense of urgency and panic, prompting unsuspecting recipients to act immediately without giving a second thought. It is this sense of panic that cybercriminals aim to leverage on in such scams.    

MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:

Tell-tale signs of email scams:

  • Generic greetings, such as ‘dear customer’
  • A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed)


Stop email fraud

Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.

For a few dollars per month, you can protect your inbox with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your email secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates




Topics: Phishing ANZ email fraud ANZ scam scam email Threat Update bank scam

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all