Phishing email asks users to upgrade mailbox; uses LinkedIn redirect to avoid detection

Posted by Akankasha Dewan on 08 September 2020 16:38:48 AEST

MailGuard has intercepted a phishing email purporting to be a notification from users’ “email account team”.

Titled “increase storage space”, the email informs users that their email account might be deactivated unless they upgrade to “the latest version” with “25GB free data space”. A button is provided for them to do so.

To improve engagement with the email, the subject line and the content of the email feature the recipients’ company and name.

Here’s what the email looks like:


Hovering over the button to “upgrade to the latest version” reveals a LinkedIn URL, as per the below:

LinkedIn URL

Unsuspecting recipients who click on this link are redirected to a phishing page that asks for their email username and password:


Once these credentials are entered and submitted, the attacker harvests them for later use, and the page attempts to redirect the victim to the correct website using their credentials to log in. If incorrect credentials are used, the victim is met with an error message saying the credentials were incorrect.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.

By claiming that users’ accounts will be deactivated unless action is taken, this email scam evokes urgency and panic among recipients, motivating them to click on the link to view it as soon as possible.

It’s also interesting to note the inclusion of the LinkedIn URL that is used to redirect users to the phishing page. This is likely to be an evasion tactic, designed to bypass email security filters and veil the ultimate malicious destination of the email – the phishing page. In addition, cybercriminals know that users often hover over buttons to check for the validity of their links. LinkedIn is a trusted and well-established brand, and seeing a URL using a LinkedIn domain isn’t likely to raise too much suspicion as users are likely to whitelist it, further increasing the likelihood of the scam being successful.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing LinkedIn email scams fraud fastbreak

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all