Phishing email cites users' email domains repeatedly to convince them their mailboxes have been 'de-activated'

Posted by Akankasha Dewan on 18 March 2020 14:37:21 AEDT

Checking for personal details within an email is a common method of determining its validity, but it’s key to remember cybercriminals are aware of this too.

MailGuard intercepted a phishing email titled “Approved termination request”. The display name used in this email begins with the recipient’s domain followed by the word “Administrator”. The email body includes a header which also includes the recipient’s domain. The message advises recipients that administrators have "approved to de-activate" the recipient’s email address following a “phone call request”. However, if they believe this is an error, users are directed to click the included link to "Cancel Request."

Here is a screenshot of the email:

[Screenshot: Scam 1803]

Unsuspecting recipients who click on the link are led to a fake Outlook-branded login page asking for their email address and passwords. At the time of writing this blog, the page had been taken down.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

This email scam is a good example of how cybercriminals are increasingly playing mind games to trick users. The email includes the user’s email domain at multiple points to convince the user that this is a genuine, targeted notification from someone in possession of the user’s personal details, rather than a generic (and therefore potentially illegitimate) email that users might easily dismiss. Convinced that the email is legitimate and that these administrators are able to control and de-activate their mailbox, users might easily be tempted to rectify the situation by clicking on the link.

Besides this, the phishing email contains several typical elements that attempt to trick recipients into falling for the scam:

  • purporting to be from a relevant authority to inspire false trust; the use of the ‘Administrator’ display name,
  • the inclusion of links to ‘Helpful Resources’ like ‘Get help and support for Office 365’ in the email; this is typically expected of genuine notifications from Microsoft,
  • an attempt to alarm; telling the recipient that their mailbox has been de-activated creates a sense of urgency and panic, motivating the recipient to click on the malicious link.

Despite these elements, the email itself contains several tell-tale signs common to fraudulent emails that should help eagle-eyed recipients spot its illegitimacy. These include the fact that, besides the user’s email domain, no other personal information (like first or last name) is mentioned in the email.
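
The pattern described above (the recipient's own domain placed in the display name and in the body of a message that actually comes from elsewhere) can be checked mechanically. The following Python example is added here for illustration and is not MailGuard's detection logic; the function names and signal labels are hypothetical, and the sample message is constructed with placeholder domains.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, not the real email; both domains are placeholders.
SAMPLE = '''\
From: "example.com Administrator" <notify@mailer.invalid>
To: jane@example.com
Subject: Approved termination request

example.com Mail Service: we have approved to de-activate jane@example.com.
'''


def domain_of(address):
    """Return the lower-cased domain part of an address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def impersonation_signals(raw_message):
    """List signals that an external sender is posing as the recipient's own domain."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    for _, recipient in getaddresses(msg.get_all("To", [])):
        rcpt_domain = domain_of(recipient)
        # Mail that really comes from the recipient's domain (or a subdomain) is out of scope.
        internal = sender_domain == rcpt_domain or sender_domain.endswith("." + rcpt_domain)
        if not rcpt_domain or internal:
            continue
        if rcpt_domain in display_name.lower():
            signals.append("display_name_cites_recipient_domain")
        if rcpt_domain in body.lower():
            signals.append("body_cites_recipient_domain")
    return signals


if __name__ == "__main__":
    print(impersonation_signals(SAMPLE))
```

The body signal on its own also fires on legitimate external mail that quotes the recipient's address, so it is best used as one input to a score alongside the display-name signal rather than as a verdict.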

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

Please share this alert with your social media network to help us make more people aware of the threat.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.




Topics: email scams fraud fastbreak
