Getting an email notifying you that you’ve got a new voicemail might intrigue and tempt you to explore further but think again before you click on any links.
MailGuard intercepted a phishing email masquerading as a new voicemail notification on the 2nd of August morning (AEST).
While the email infiltrated Australian inboxes from a single domain, MailGuard understands that each message was sent via a different sender. The front portion of the email address that’s been used to send the email has been randomly generated. In addition, each email’s subject has been customised with the domain name of the recipient.
While the body of the email is empty, it contains a .HTML file attachment.
Here is a screenshot of the email:
Unsuspecting recipients who open the attachment are led to a fake login page incorporating Microsoft branding, as per the below:
This is actually a phishing email designed to harvest confidential details of users.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.
This email scam preys on curiosity of recipients who might not be expecting a voice message, motivating them to access the link as soon as possible.
While the actual phishing page utilises Microsoft’s branding elements in a bid to seem legitimate, several red flags appear in the actual email that would make any eagle-eyed recipient conscious of its inauthenticity. These include the lack of an actual message body and an unknown domain.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
- Offer money, reward or gift to entice you to hand over your personal details
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
One email
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside.
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
