Gabi Power 05 May 2023 15:02:51 AEST 7 MIN READ

Microsoft Scam Warns Users: ‘Password Authentication Required’

Security-focused businesses often use passwords with expiry dates in the hope that, if an employee’s data is breached, regularly updated passwords will minimise the risk of an unauthorised individual gaining access to the user’s account. However, scammers are aware of this practice, and in a new phishing scam they’re posing as Microsoft and warning recipients that the password to their email account expires today.

The subject line includes the date the message was sent and states that the email is a “Password Reminder Message for [recipient’s email address]”. Using the recipient’s address is a common tactic used by cybercriminals in an attempt to personalise the email. We can see that the attacker has used this move again in the sender name, which shows “[recipient’s email address] Password Keeping”, but it has actually been sent via a compromised account rather than one associated with Microsoft.

The email appears as a fairly typical password expiry alert and uses Microsoft branding heavily. The user is directed to click a “Keep my same password” button to “avoid login interruption”. Although the email is relatively convincing, there are a few warning signs: the English and grammar, and the “Notice” at the bottom of the message, which mentions BlueScope Steel. This suggests the attacker has either imitated that company in the past or copied its disclaimer to add a veneer of professionalism; either way, they forgot to change the name to Microsoft.

Here's what the email looks like:  

[Image: the phishing email as received]

When clicking the link in the email, the user is directed to a verification page that uses a captcha system to evade automated scanning.

[Image: the captcha “verification” page]

After the user is verified as a human, they’re taken to a phishing site that looks almost identical to the Microsoft login page where they’re prompted to enter their password.

[Image: the fake Microsoft login page]

If the victim does enter their password, they’re shown an error that states “Your account or password is incorrect. If you don’t remember your password, reset it now”. At this point, the password has been harvested by the scammer and stored for later use.

[Image: the fake “account or password is incorrect” error]

Scammers are always on the lookout to steal Microsoft credentials as they serve as the gateway to a business’s sensitive data and systems. Recently, MailGuard has also intercepted and begun blocking emails that appear like quarantined email alerts, password expiry notifications, Microsoft Teams invites, and DocuSign alerts, all with the intention of stealing business email credentials. Make sure to check our blog regularly so you know what to look out for and can avoid falling victim to these vicious scams. 

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates