Look out for this fake Microsoft Office email asking you to "update your payment information now."

Posted by Vinelli Alarcon on 21 October 2019 at 14:53:42 AEDT

MailGuard intercepted this legitimate-looking phishing email scam this morning Monday, October 21st, 2019 (AEDT).

The email has been designed to evoke a sense of urgency. Recipients learn that their "payment has been declined" and must update their payment information in order "to avoid interruption of service."

As you can see from the screenshot of the email below, it's convincing. Below are some of the techniques used to boost the email's legitimacy: 

  • Microsoft Office 365 branding is current with a high-quality logo used;
  • the email is well-written with few grammatical errors and is well-formatted;
  • fake details have been added to reinforce credibility (like Account Information); and
  • the phishing URL begins with 'login.microsoftonline.com';

 

Here is a screenshot of the email:

Blog post 22-10 edited

 

The link to the "customer portal" (within the email) directs recipients to a phishing page that is an identical copy of the legitimate Microsoft Office 365 sign-in page, it has been designed to harvest email and password variants. See screenshot below.

Scam_Microsoft_SignInPage_21102019

However, cyber-savvy recipients would notice the following tell-tale signs:

  • the sender address 'service.client@mails.total.direct-energie.com'; 
  • the actual domain of the URL is 'adhd-iceland.com'; and
  • the sender address at the envelope level is different than the one present in the "from" field.

Recipients fooled into providing their Office 365 login credentials receive a simulated error page that reads "Sorry, but we're ha­­ving trouble with signing you in" and are then redirected to the actual Microsoft sign-in page.

Once a user submits their login credentials to the fake sign-in page, their data has been compromised.

For businesses protected by MailGuard, this phishing email is now 100% blocked. 

If you've received this email, delete it immediately without clicking on any links. 

MailGuard urges email users to remember that cybercriminals prey on the brands that we trust and love, like Microsoft. It's wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

 

Is your business receiving criminal intent emails?

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 

 

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates

 

 

Topics: Phishing brand exploitation brandjacking fraud ZeroDay spoofing fastbreak Microsoft Office 365

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all