Getting an email about a supposedly new voicemail might intrigue and tempt you to explore further but think again before you click on any links.
MailGuard intercepted a phishing email masquerading as a voicemail notification on the 20th of January afternoon (AEST).
The email comes from a malicious sender using the display name ‘Dailpad’ and is titled ‘Voicemail recieved at 10:23 am’. The email contains a header saying ‘Voicemail on Dailpad’, while its body contains a short transcript of the voicemail, "I wanted to touch base and". A button is included at the end of the email, that directs recipients to ‘Listen to VM here’.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link to ‘listen to vm’ are led to a fake OneDrive-branded login page which offers them the option to log in via three different email providers – Office 365, Outlook and ‘Other mail’. This is actually a phishing page.
Here’s the screenshot of the phishing page:
Clicking on each of these options then leads the recipients to fake login pages containing the branding of the email provider selected, as per the below:
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.
This email scam preys on curiosity of recipients who might not be expecting a voice message, motivating them to access the link as soon as possible.
While the login pages utilise high-quality branding elements of the email providers in a bid to seem legitimate, several red flags appear in the actual email that would make any eagle-eyed recipient conscious of its inauthenticity. These include the fact that the recipient isn’t addressed directly as well as several spelling errors like ‘voicemail recieved’.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
- Offer money, reward or gift to entice you to hand over your personal details
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.