Receiving an email about supposedly inaccessible or blocked messages can be alarming, but it doesn’t hurt to think twice about the credibility of the email – especially if it involves clicking on unknown links.
MailGuard intercepted one such email today morning, the 8th of July 2019 (AEST). This email was identified as a phishing scam.
Sent via a compromised email address, the email uses a display name that is corresponding to the recipient’s email address. It is titled ‘Error Message’ and appears in simple plain text.
The body of the email message informs recipients that their emails are stuck on the server pending their session 'revalidation'. As the recipient is 'still using an outdated email settings' they are directed to use a ‘maintenance portal’ to update and retrieve their messages. A link is included to access this portal.
Here is a screenshot of the email:
Unsuspecting recipients who click on the button access this portal are taken to a Microsoft Forms hosted form titled ‘Microsoft Maintenance Portal’. The page requests they enter their email address and password, as per the below:
Upon submitting their account details, users are directed to another portal page that confirms their response was submitted successfully:
Cybercriminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Microsoft is a regular victim of these scams.
The phishing email contains several typical elements that attempt to trick recipients into falling for the scam:
- use of a major brand name to inspire false trust; the incorporation of Microsoft’s Maintenance Portal,
- the inclusion of safety features & reminders such as ‘Never give out your password’ in the form page; this is typically expected of a well-established tech company such as Microsoft,
- and attempt to alarm; telling the recipient that their incoming messages have been blocked creates a sense of urgency, motivating the recipient to click on the malicious link.
Despite these elements, the email in itself contains several tell-tale signs that commonly belong to fraudulent emails and should help eagle-eyed recipients point to its illegitimacy. These include grammatical errors (such as ‘still using an outdated email settings), as well as the fact that the ‘from’ field uses the recipient’s domain.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside.
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: