Akankasha Dewan 14 February 2019 14:44:29 AEDT 3 MIN READ

Phishing email scam hosts fake page on Microsoft's Azure blob store

As cybercrime evolves and as cybercriminals become more innovative in the way they infiltrate cyber systems, it has become even more critical for users to be vigilant when they are online.

MailGuard’s detection of a new phishing email scam impersonating Microsoft is a good reminder of how one can never be too careful when accessing emails.

The first of these malicious emails was detected on the afternoon of 7th February (AEST). The emails arrive in inboxes in the form of remittance advice. MailGuard understands the sender of these emails uses a fake domain, @mcveighau.com, that had been registered recently.

The body of the email incorporates the branding and logo of both Microsoft and OneDrive and informs recipients that a remittance advice file has been shared with them. A link is provided to view the file.

The image below shows the format of the phishing message we intercepted:

[Image: Microsoft original image]


If the victim clicks on the link in the email, they are taken to a fake website pretending to be a portal for Microsoft Office 365. Here is a screenshot of the page:

[Image: OneDrive page]

This is not a real Microsoft website. Although the graphic design of the web page looks legitimate, this is a fake website used by hackers to collect login data from unsuspecting victims.

Another way that cybercriminals have tried to make this page seem authentic is the URL they have used for this page. MailGuard has detected this site is hosted on Microsoft's own Azure blob store. This means that for this page, cybercriminals were able to use a legit URL in the form of:

“https://proofpoint XX.blob.core.windows.net/advice/view.html”

In this way, they have a real "windows.net" URL and are able to leverage Microsoft's own real SSL certificates in the process. We understand many of the links that have been used by the cybercriminals responsible for this phishing email are being removed by Microsoft.
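
The URL check this case calls for can be automated for links in inbound mail. The following is an added example, not MailGuard's code: it separates hosts that serve Microsoft's own sign-in pages from Azure Blob Storage hosts, where the page is authored by whoever owns the storage account. The two-entry allowlist, the function names and the `exampleacct` account name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts that serve Microsoft's own sign-in pages (short illustrative allowlist).
MS_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Azure Blob Storage URLs: https://<account>.blob.core.windows.net/<container>/<blob>
BLOB_SUFFIX = ".blob.core.windows.net"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_link(url):
    """Return a dict describing who controls the content behind `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in MS_SIGNIN_HOSTS:
        return {"url": url, "verdict": "microsoft_signin"}
    if host.endswith(BLOB_SUFFIX):
        # The label in front of the suffix is the customer's storage account.
        account = host[: -len(BLOB_SUFFIX)]
        segments = [s for s in parts.path.split("/") if s]
        container = segments[0] if segments else None
        blob = "/".join(segments[1:]) or None
        # An HTML document in a storage account is a tenant-authored web page.
        is_page = bool(blob) and blob.lower().endswith((".html", ".htm"))
        verdict = "tenant_hosted_page" if is_page else "tenant_hosted_blob"
        return {"url": url, "verdict": verdict,
                "account": account, "container": container, "blob": blob}
    return {"url": url, "verdict": "other"}


def review_email(body):
    """Classify every link in an email body; return only tenant-hosted pages."""
    results = [classify_link(u.rstrip(".,)")) for u in URL_RE.findall(body)]
    return [r for r in results if r["verdict"] == "tenant_hosted_page"]


# Constructed sample message; "exampleacct" is a placeholder account name.
SAMPLE_BODY = """A remittance advice file has been shared with you.
View: https://exampleacct.blob.core.windows.net/advice/view.html
Account help: https://login.microsoftonline.com/common/oauth2/authorize
"""

if __name__ == "__main__":
    for hit in review_email(SAMPLE_BODY):
        print(hit["verdict"], hit["account"], hit["container"], hit["blob"])
```

A valid certificate and a windows.net hostname show only that Microsoft operates the storage service; the account label in the hostname identifies the tenant that published the page.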

Phishing Is Still the #1 Threat

Like the recent LocalBitcoins scam, this latest phishing attack leverages the reputation of a well-known and trusted brand like Microsoft to win the trust of victims. Because of its large number of users globally, Microsoft is a regular victim of these scams.

The continued rise of cybercrime, and the relentless attacks on email inboxes by scammers mimicking major brands, should serve as a reminder for us all to be cautious about the links we click on. Readily available web tools make it very easy for cybercriminals to create fake websites that look almost exactly like the real thing, so always remember to check the URL of a page before you trust it.

Phishing continues to be one of the most prevalent forms of cybercrime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your web accounts.

Take Action to Defend Your Business

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; take action now to protect your business and your staff from financial and reputational damage.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
