A new email phishing scam is targeting Webmail users, alerting email recipients that an attempt to login to their account was restricted, and asking them to click through for Account Validation.
MailGuard successfully identified and blocked this scam, however at the time of writing, only 4 out of 67 antivirus vendors have flagged these messages as phishing or malicious email.
A sample of the phishing email is shown below:
The email originates from a broad and generic sender shown only as the ‘E-mail Administrator’. In this attack cybercriminals are sending versions of the original message to hundreds of different companies, using a non-specific sender address by design in an attempt to confuse recipients, and hoping that the curiosity of those users might lead to email recipients clicking through.
When users click through to validate their account they are directed to a generic ‘Mail box’. The Mail box login is where the scam captures the email address and password of users.
This attack can leave recipients particularly vulnerable especially if they are business users. Any information shared via email would now be accessible to the cyber criminals.
As a precaution, we urge you to delete emails that:
- Appear to be from a legitimate company, are not addressed to you by name or are written in poor English.
- Require you to click a link in the email body to verify your identity, or
- Have an unusual request that you would not expect to receive from the official purported sender.
To protect your business, we recommend educating your staff about the nature of cyber threats and employing cloud-based email and web filtering. A multi-layered approach combining desktop antivirus, anti-malware and anti-spyware will further mitigate the threat posed by emerging scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
