Akankasha Dewan 22 September 2020 19:16:06 AEST 3 MIN READ

Phishing email sent from compromised account uses fake “docyment” to trick users

Here’s a good reminder of why it doesn’t hurt to think twice before clicking on links within an email – even if it appears to be sent from a known sender.

MailGuard intercepted a malicious email from an account that appears to be compromised. The email informs recipients that the sender has sent them a “docyment”, supposedly in the form of an Adobe PDF. This typo appears to be intentional, likely included to circumvent rules in email security filters that are designed to search for the word “document”.
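A filter rule can tolerate this kind of single-character typo by matching on edit distance instead of exact keywords. The sketch below is an added example, not MailGuard's detection logic; the keyword list (other than "document"), the function names and the sample message are constructed for illustration.

```python
import re

# Watched keywords: "document" is from the article, the rest are assumed.
WATCHED = ("document", "invoice", "password")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "docuemnt" for "document"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def near_miss_keywords(text: str, max_dist: int = 1):
    """Return (token, keyword) pairs where a token is a misspelt watched keyword."""
    hits = []
    for token in re.findall(r"[a-z]+", text.lower()):
        for kw in WATCHED:
            # Exact matches and plain plurals are normal usage, not evasion.
            if token in (kw, kw + "s"):
                continue
            if abs(len(token) - len(kw)) > max_dist:
                continue
            if osa_distance(token, kw) <= max_dist:
                hits.append((token, kw))
    return hits

# Constructed sample body modelled on the email described in the article.
SAMPLE = "John Smith has sent you a docyment via Adobe PDF. Click to review document."

if __name__ == "__main__":
    for token, kw in near_miss_keywords(SAMPLE):
        print(f"suspicious near-miss: {token!r} (looks like {kw!r})")
```

A near-miss hit is a signal to combine with others, such as an unexpected link domain, since ordinary typos also occur in legitimate mail.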

A link is provided to “open” the file, as per the below:

[Image: Scam 2209_Social]

Unsuspecting recipients who click on the link to “review document” are led to an intermediary site which asks the user to click a download link. This page also includes branding elements from the sender’s company.

[Image: Scam 2209_1]

Clicking on the button to “click here to view” leads users to a login page employing Microsoft’s logo and OneDrive branding. However, the page’s domain doesn’t belong to Microsoft – a red flag indicating that it isn’t legitimate. The page asks users to insert their email in order "to open this secure link", as per the below:

[Image: Scam 2209_2]

Once users have inserted their email address, they are led to another page asking for their password. This page also employs high-quality branding elements commonly found in legitimate Microsoft pages.

[Image: Scam 2209_3]

Once these credentials are entered and submitted, they are harvested for later use, and the user is met with an error stating that the password is incorrect.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to respond to it.

By claiming that a new document has been shared, this email scam aims to intrigue recipients, motivating them to click on the link to view it as soon as possible.

Scams that are initiated from compromised accounts are particularly dangerous, for a number of reasons:

  • The emails are sent from a legitimate account, so they are not likely to be blocked by email security services,
  • The recipients are more receptive to the emails because they come from a legitimate service, especially where the sender is known to them, and
  • The emails may deliver a malicious payload, or simply a PDF file like these examples, directing users to external phishing pages to harvest credentials.

Cybercriminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Microsoft is a regular victim of these scams.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
