Zero-day phishing attack detected by MailGuard: this phishing email is designed to look like an invoice notification message from Microsoft Dynamics.
You can see in the screenshot above, that this is not a very well designed email scam, but the use of Microsoft’s branding makes the scam more likely to fool people.
The email contains a link labelled ‘view dynamics nav document’ that points to a fake Microsoft sign-in page.
This is actually a phishing site that collects the Microsoft login credentials of the scam victim - see screenshot below:
It should be noted that the display name shown in the scam email ‘sender’ field is Microsoft Dynamic365 but the actual sender address is firstname.lastname@example.org - not a genuine Microsoft address. This is a clear indication that this message is not authentic.
This cyber-attack is a classic example of brandjacking - a scam format that illegally exploits the logos and trademarks of major corporations to deceive victims and persuade them to click on harmful links.
Being such a well known and trusted company, Microsoft is an ideal brandjacking target.
If you see this message arrive in your inbox, please be sure to delete it immediately.
Defend Your Business
Phishing attacks can be enormously costly and destructive, and new scams are appearing every day. Scammers can use the login credentials they steal to hack into a whole company's computer system. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: