Multiple email providers brandjacked in phishing email scam

Posted by Akankasha Dewan on 05 March 2019 16:18:53 AEDT

As cybercrime evolves in complexity daily, cybercriminals are coming up with new and innovative ways of fooling unsuspecting Web users and infecting their systems.

For instance, MailGuard has detected a new phishing email scam that currently brandjacks not 1, but multiple popular and well-established companies.

First detected early this afternoon (AEDT), the malicious emails arrived in inboxes as innocuous-looking notifications announcing the arrival of new shared files. The email comes from a compromised mailbox, with the “From” field containing the email address of the actual sender. The “To” field has been replaced with a generic display name of "Recipients" and the sender's email address.

The body of the email is relatively simple, informing the user that they have received files titled “Files 03/05/2019.pdf”. A link is provided to “download attachments”.
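The header and body traits described above can be checked mechanically when triaging reported mail. The following is an added example, not MailGuard's detection logic: the sample message, its addresses and the indicator names are constructed for illustration, and the checks are triage hints rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not a real capture); all addresses are placeholders.
SAMPLE = """\
From: Jane Citizen <jane@example.com>
To: Recipients <jane@example.com>
Subject: New shared files
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>You have received files titled "Files 03/05/2019.pdf".</p>
<p><a href="https://files.example.net/view">Download attachments</a></p>
"""

ANCHOR_RE = re.compile(r"<a\s[^>]*>(.*?)</a>", re.I | re.S)
DATED_FILE_RE = re.compile(r"Files \d{2}/\d{2}/\d{4}\.pdf", re.I)

def body_text(msg):
    """Concatenate every text/* part, decoded with its declared charset."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def indicators(raw_message):
    """Return the sorted names of the traits from the write-up that this message shows."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    found = set()
    for name, addr in getaddresses(msg.get_all("To", [])):
        if sender and addr.lower() == sender:
            found.add("to_equals_from")           # "To" carries the sender's own address
        if name.strip().lower() == "recipients":
            found.add("generic_to_display_name")  # generic "Recipients" display name
    body = body_text(msg)
    if DATED_FILE_RE.search(body):
        found.add("dated_files_lure")             # "Files 03/05/2019.pdf" style title
    if any("download attachments" in text.lower() for text in ANCHOR_RE.findall(body)):
        found.add("download_attachments_link")    # link labelled "download attachments"
    return sorted(found)

if __name__ == "__main__":
    print(indicators(SAMPLE))
```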

Here is a screenshot of the email:

Email Providers image

Unsuspecting recipients who click on the email are led to a OneDrive-branded phishing site, with further links to select email providers, as in the screenshot below:

Multiple email providers

Depending on the email provider selected, a page for logging in to the recipient's email account is then shown for that brand. I have included screenshots of the Office 365 and Yahoo! branded login phishing pages.

Users who click on any of these email providers are taken to a fake login page brandjacking the particular email provider they have selected. Here are a couple of examples of these pages:

Office 365:

Sign in O365



Sign in Yahoo

All these login pages are actually phishing pages, designed to harvest users’ confidential login details.

While the actual email infiltrating inboxes is relatively simple-looking, cybercriminals have employed high-definition graphics and branding (including logos) of well-known email providers. This is done in a bid to convince users of the legitimacy of the email. Multiple email providers are brandjacked in this particular email, further boosting the scam’s authenticity as this allows the user to view the shared files via an email address of their choice – an advantageous feature normally expected from credible and well-established file-hosting services such as OneDrive.

Cybercriminals also frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, do not open or click on these emails.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.


Topics: Phishing email scam Cybersecurity cybercrime office365
