Do not be too quick to click everything in your inbox. Cybercriminals circulated multiple variations of a malicious phishing email scam on Friday (AEST).
Using a display name of "Mail Service", the emails actually come from one of several compromised accounts.
The emails advise the recipient that their incoming messages are being ‘blocked’ due to a problem. To retrieve those messages, they are encouraged to click on links titled ‘view your email quarantine’ and ‘release to inbox’.
Appearing as a blocked/quarantined email report, the emails inform the customer that some messages to their account have been blocked by their administrator due to a 'validation error'. They add that the messages will be automatically removed from quarantine after 7 days.
A table is displayed, showing all the emails that have supposedly been quarantined. The table lists the recipient of the scam as the addressee of each message, and includes a subject and what was supposed to be the date. However, instead of an actual date, the %DATE% placeholder is shown. Also of note is that 'Release' is misspelt on the first line. Here is a screenshot of the email:
Multiple links are provided in the email, including one to ‘view your email quarantine’. MailGuard understands that the 'Releahe' links do not lead to a valid page, while the 'your email quarantine' and 'open all messages' links lead to a compromised website hosting a phishing page. Here is a screenshot of the page:
This page is designed to harvest confidential information of users. Interestingly, this page changes the heading 'yourdomain' based on the email address of the recipient who clicked on it. Essentially, the recipient’s email becomes part of the link, which is then used to change the heading on the page. This is a common tactic used to make the phishing pages look like they belong to the recipient's organisation.
As you can see in the screenshots above, the email body provides a decent amount of data and information about supposedly ‘quarantined’ emails, boosting the apparent legitimacy of the email.
However, the email also contains several red flags that should make a vigilant recipient suspicious of its authenticity. These include the misspelling of the word ‘release’ and the lack of dates in the ‘date:’ field.
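The red flags described above (the unfilled %DATE% placeholder, the "Mail Service" display name on an unrelated account, and links that carry the recipient's address) can also be checked mechanically at a mail gateway or during triage. The following Python is an added example, not MailGuard's code: the sample message, its addresses and URLs, and the flag names are constructed for illustration, and the display-name check is a heuristic assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote

# Constructed sample, not the real scam email; every address and URL is a placeholder.
SAMPLE = """\
From: Mail Service <j.smith@compromised.example>
To: alice@victim.example
Subject: Blocked incoming messages
Content-Type: text/html

<table><tr><td>alice@victim.example</td><td>Invoice</td><td>Date: %DATE%</td></tr></table>
<a href="https://site.example/q/?email=alice%40victim.example">view your email quarantine</a>
"""

PLACEHOLDER = re.compile(r"%[A-Z_]{3,}%")   # unrendered template token, e.g. %DATE%
HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)
SERVICE_NAMES = ("mail service",)           # display name reported on this page

def body_text(msg):
    # Concatenate all text parts, decoding any transfer encoding.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def red_flags(raw):
    """Return a sorted list of flag names found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = body_text(msg)
    flags = set()
    # 1. Template tokens left unfilled in the visible text (tags are stripped
    #    first so percent-encoded URLs are not scanned).
    if PLACEHOLDER.search(re.sub(r"<[^>]+>", " ", body)):
        flags.add("unfilled_placeholder")
    # 2. Service-style display name on an address outside the recipient's domain.
    if name.lower() in SERVICE_NAMES and recipient and \
            sender.rpartition("@")[2].lower() != recipient.rpartition("@")[2]:
        flags.add("service_name_foreign_domain")
    # 3. Link carrying the recipient's address, which lets the page personalise itself.
    if recipient and any(recipient in unquote(u).lower() for u in HREF.findall(body)):
        flags.add("recipient_in_link")
    return sorted(flags)

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

Each flag on its own is weak evidence; a legitimate third-party filtering service will also send quarantine reports from a foreign domain, so treat the output as a triage score rather than a verdict.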
MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:
Tell-tale signs of email scams:
- Generic greetings, such as ‘dear customer’
- A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
- An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.