Hold on before you ‘update your account’

Posted by Akankasha Dewan on 30 August 2019 14:09:31 AEST

Receiving an urgent email claiming your account might deleted may cause you to sit up and take notice, but sometimes it also calls for a more critical need to be more vigilant before taking action.

MailGuard intercepted a deceptive email employing similar techniques earlier this morning (AEST).

The malicious email was first detected on Monday, the 26th of August morning (AEST).  

Titled ‘Mailbox error’, the email originates from a single compromised email address - specifically from a French domain.  The body of the email informs recipients that because their account is ‘not updated’, it may possibly lead to a ‘permanent deactivation’. A link is provided for recipients to update their account.

Here is a screenshot of the email:

Update your account edited

 

Unsuspecting recipients who click the link to update their account are redirected to a phishing page that’s a fake Microsoft Exchange login page. Here the users are invited to insert their Microsoft Exchange credentials, as per the below:

outlook web edited

Once recipients have submitted the form and ‘signed in’, nothing seems to happen. However, the user's credentials are silently harvested.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.

By claiming that users’ accounts will be deactivated unless action is taken, this email scam evokes urgency and panic among recipients, motivating them to click on the link to view it as soon as possible.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
  • Offer money, reward or gift to entice you to hand over your personal details
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place

 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates

 

 



Topics: Xero

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all