Akankasha Dewan 30 August 2019 14:09:31 AEST

Hold on before you ‘update your account’

Receiving an urgent email claiming your account might be deleted may cause you to sit up and take notice, but it also calls for extra vigilance before taking action.

MailGuard intercepted a deceptive email employing similar techniques earlier this morning (AEST).

The malicious email was first detected on the morning of Monday, the 26th of August (AEST).

Titled ‘Mailbox error’, the email originates from a single compromised email address, specifically from a French domain. The body of the email informs recipients that because their account is ‘not updated’, this may lead to a ‘permanent deactivation’. A link is provided for recipients to update their account.

Here is a screenshot of the email:

[Screenshot: ‘Update your account’ email]

Unsuspecting recipients who click the link to update their account are redirected to a phishing page posing as a Microsoft Exchange login page. Here users are invited to enter their Microsoft Exchange credentials, as shown below:

[Screenshot: Outlook Web login page]

Once recipients have submitted the form and ‘signed in’, nothing seems to happen. However, the user's credentials are silently harvested.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

By claiming that users’ accounts will be deactivated unless action is taken, this email scam evokes urgency and panic among recipients, motivating them to click on the link as soon as possible.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider, but are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company directly and ask whether the email is legitimate.
  • Offer money, a reward or a gift to entice you to hand over your personal details.
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place.
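Several of these warning signs can also be checked mechanically before a message reaches a person. The sketch below is an added example, not MailGuard's filtering logic: it applies the checks above to an account notice, and the trusted domain list, the phrase list, the function names and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: phrases modelled on the wording quoted in this post.
URGENCY = re.compile(r"not updated|permanent deactivation|update your account", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the trusted domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_account_notice(raw, trusted_domains, recipient_name):
    """Return the warning signs found in one raw message about an account."""
    msg = message_from_string(raw)
    part = msg
    if msg.is_multipart():  # prefer the plain-text part when there is one
        part = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), msg)
    payload = part.get_payload(decode=True) or b""
    body = payload.decode(part.get_content_charset() or "utf-8", "replace")
    findings = []
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("threatens deactivation or demands an account update")
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_in(sender.rpartition("@")[2], trusted_domains):
        findings.append("sender is outside the organisation's domains")
    if recipient_name.lower() not in body.lower():
        findings.append("not addressed to the recipient by name")
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not host_in(host, trusted_domains):  # exact or subdomain match only
            findings.append(f"link leaves trusted domains: {host}")
    return findings

# Constructed samples using reserved .example names, not the real message.
PHISH = """From: Mail Admin <contact@sender.example>
To: jordan@corp.example
Subject: Mailbox error

Dear user,
Your account is not updated and this may lead to permanent deactivation.
Update here: http://login.portal.example/owa/auth
"""
LEGIT = """From: IT Service Desk <it@corp.example>
To: jordan@corp.example
Subject: Planned maintenance

Hi Jordan,
Mail will be offline tonight. Details: https://intranet.corp.example/notice
"""
```

Calling `triage_account_notice(PHISH, {"corp.example"}, "Jordan")` returns four findings, while the same call on `LEGIT` returns none.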

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure.