Careful not to click through on the latest email phishing scam impersonating Microsoft Exchange. The first run of the attack began hitting email inboxes on Thursday morning AEST, 9th May 2019.
A simple plain-text email with the subject reading ‘Technical Support’ alerts recipients that they have identified a ‘misuse’ of their account and asks that they validate their Microsoft Exchange Outlook account.
The email threatens that failure to do so will result in account inactivation and gives them 48 hours to do so. Here is a screenshot of the email:
A link is provided in the email to update their account. MailGuard understands unsuspecting recipients who click on the link are led to a suspicious website:
This is a phishing page, designed to harvest confidential information of users.
As you can see in the screenshots above, the email isn’t sophisticated in its design. Rather, plain-text and simple graphical elements have been used both in the actual email and the corresponding phishing page. Saying that however, cybercriminals have used several techniques to trick recipients into clicking on the link. This includes providing them a deadline of ’48 hours’ to update their account in order to prevent it from being deactivated. Doing so brings forth a sense of urgency and panic, prompting unsuspecting recipients to act immediately without giving a second thought. It is this sense of panic that cybercriminals aim to leverage on in such scams.
MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:
Tell-tale signs of email scams:
- Generic greetings, such as ‘dear customer’
- A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
- An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: