Akankasha Dewan 08 April 2020 18:21:25 AEST

Phishing email sent supposedly from “IT Support” introduces employees to new “Outlook Web App”

MailGuard has intercepted a new phishing email that masquerades as a notification informing employees about a new “Outlook Web App”.

Titled “New Outlook Web App for Staff/Employee”, the malicious emails use a display name of “Edgard Idris Waidi”, along with a sender address. Interestingly, this is the same name and email address that is provided in the “To:” field.

The body of the email begins with a header titled “Welcome to the New Outlook Web App for Staff/Employee”. The email, supposedly sent on “behalf of IT Support”, directs recipients to upgrade to a new type of employee portal featuring Outlook Web App via a link. It advises recipients to do this “within 24 hours to avoid delay on mail delivery”. The email ends by saying it has been sent via a “group email account” and is “very compulsory”. MailGuard discovered the email originates from a single compromised email address.

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the link are redirected to a webpage that appears to be hosted on GoDaddySites.com and is designed to look like an employee portal. It is titled “Outlook Web Access” and asks users for their username, email and password, as per the below:

[Screenshot: the “Outlook Web Access” phishing page]

This is a phishing page designed by the scammers to harvest the user's login credentials. After filling in all the fields and clicking “Next”, users are shown another page that informs them their “account upgrade would be completed within the next 48 hours”.

[Screenshot: the “account upgrade” confirmation page]

We strongly advise all recipients to delete these emails immediately without clicking on any links.

This is a good example of how cybercriminals are exploiting the uncertainty created by the recent COVID-19 outbreak and its implications for the way we communicate and work. With many companies implementing new working policies (including remote work) for their employees, new and unfamiliar IT updates like these are increasingly expected from organisations as they try to ensure business continuity. Here are a few ways in which cybercriminals have attempted to make this email look like a legitimate notification from an organisation:

  • use of the “Administrator Service System” signature to inspire authority, and
  • the threat of incoming emails being delayed; this creates a sense of urgency and anxiety, especially among those users who might be working remotely and want to minimise the possibility of any IT issues or complications.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that it contains several grammatical and spelling errors (e.g. “Click on Login here to login”). In addition, the phishing pages contain a few non-ASCII characters and aren’t hosted on familiar URLs belonging to Microsoft Outlook. Plus, the fact that the display name is also the same as the name used in the “To:” field is another big red flag that this email is, in fact, not legitimate.
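Several of these red flags can be checked mechanically at triage. The sketch below is an added example, not MailGuard's detection logic: it flags a message whose sender address also appears in “To:”, that uses the deadline wording quoted above, and that claims to be Outlook Web App while linking outside a trusted host list. The host list, phrase patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Assumption: hosts where this organisation's real Outlook sign-in lives.
TRUSTED_LOGIN_HOSTS = {"outlook.office.com", "outlook.office365.com"}
BRAND = re.compile(r"outlook web (app|access)", re.I)
URGENCY = re.compile(r"within \d+ hours|avoid delay|very compulsory", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def red_flags(raw: str) -> list[str]:
    """Return the red flags described above that apply to one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    flags = []
    # 1. The sender's own address also appears in the To: field.
    _, sender = parseaddr(str(msg.get("From", "")))
    to_addrs = {a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])}
    if sender and sender.lower() in to_addrs:
        flags.append("sender-in-to-field")
    # 2. Deadline pressure of the kind quoted from the lure.
    if URGENCY.search(text):
        flags.append("urgency-language")
    # 3. Claims to be Outlook Web App but links to a host outside the trusted set.
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    if BRAND.search(text) and hosts - TRUSTED_LOGIN_HOSTS:
        flags.append("outlook-lure-untrusted-link")
    return flags

# Constructed samples on reserved example domains (not indicators from the campaign).
PHISH = """\
From: "IT Support" <staff@example.com>
To: "IT Support" <staff@example.com>
Subject: New Outlook Web App for Staff/Employee

Click on Login here to login: https://portal-upgrade.example.net/owa
Do this within 24 hours to avoid delay on mail delivery. Very compulsory.
"""
BENIGN = """\
From: Helpdesk <helpdesk@example.com>
To: Alice <alice@example.com>
Subject: Outlook Web App maintenance

Sign in as usual at https://outlook.office.com/mail after 6pm.
"""

print(red_flags(PHISH), red_flags(BENIGN))
```

Each flag on its own is weak evidence; the combination of all three is what matches the message described here.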

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
