Phishing email supposedly from ‘Dailpad’ claims you have ‘recieved’ a voicemail

Posted by Akankasha Dewan on 21 January 2020 15:51:19 AEDT

Getting an email about a supposedly new voicemail might intrigue and tempt you to explore further but think again before you click on any links.

MailGuard intercepted a phishing email masquerading as a voicemail notification on the 20th of January afternoon (AEST).

The email comes from a malicious sender using the display name ‘Dailpad’ and is titled ‘Voicemail recieved at 10:23 am’. The email contains a header saying ‘Voicemail on Dailpad’, while its body contains a short transcript of the voicemail, "I wanted to touch base and".  A button is included at the end of the email, that directs recipients to ‘Listen to VM here’.

Here is a screenshot of the email:

Dailpad edited

 

Unsuspecting recipients who click on the link to ‘listen to vm’ are led to a fake OneDrive-branded login page which offers them the option to log in via three different email providers – Office 365, Outlook and ‘Other mail’. This is actually a phishing page.

Here’s the screenshot of the phishing page:

voicemail 2_2001

Clicking on each of these options then leads the recipients to fake login pages containing the branding of the email provider selected, as per the below:

voicemail office 365

microsoft voicemail_2001

webmail voicemail_2001

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.

This email scam preys on curiosity of recipients who might not be expecting a voice message, motivating them to access the link as soon as possible.

While the login pages utilise high-quality branding elements of the email providers in a bid to seem legitimate, several red flags appear in the actual email that would make any eagle-eyed recipient conscious of its inauthenticity. These include the fact that the recipient isn’t addressed directly as well as several spelling errors like ‘voicemail recieved’.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
  • Offer money, reward or gift to entice you to hand over your personal details
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place

 

Stop email fraud

Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.

For a few dollars per month, you can protect your inbox with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your email secure: click here.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates

 

 

Topics: Phishing online banking Microsoft scam brand exploitation brandjacking fraud ZeroDay spoofing fastbreak

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all