MailGuard Blog — Breaking alerts, news and updates on cybersecurity topics

Phishing email titled “high-extremity alert” claims messages couldn’t be delivered; spoofs Microsoft Office 365

Written by Akankasha Dewan | 07 May 2020 05:10:45 Z

It can be alarming to receive an email claiming your incoming messages can’t be delivered, but think twice before you take any action.

MailGuard has intercepted a phishing email brandjacking Microsoft Office 365 that is attempting to trick users into handing over their confidential information. The display name used in the email includes the domain of the recipient’s email address as a prefix, followed by the words “Mail Control System”. It is titled “Extremity Alert Surfaced” followed by a time and date. The email actually originates from a single compromised email address. 

The body of the message includes a header containing Microsoft Office 365’s logo and branding. It informs users that “a high-extremity alert has surfaced” and that an “error has occurred when delivery was attempted”. Several other details are included, such as the “severity” of the issue, the time, and the number of undelivered emails from “Contact”. A link is provided for users to “view message”.


Unsuspecting recipients who click on the link are redirected to a fake Microsoft Office 365-branded login page. This is actually a phishing page hosted on a domain that does not belong to Microsoft.

Users are asked to complete a CAPTCHA field first to verify their identity, then insert their password.



The first time the password is entered, a "wrong password" error is simulated.

Then, once the password is inserted again, users get a confirmation message that their account has been verified before being redirected to the authentic Office 365 login page.

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

The hallmark of this scam lies in how “urgent” it looks. Cybercriminals have employed multiple elements to instil alarm and panic in recipients, hoping that this will keep them from pausing to check the email’s legitimacy before clicking on the link. Here are a few ways they have done this:

  • The use of a subject like “Extremity Alert Surfaced”. This is designed to grab the recipient’s attention and trick them into taking immediate action. The inclusion of a date and time in the email further boosts the credibility of this “alert”.
  • The message body includes details like the “severity” of the notification, which is labelled as “high”, further emphasizing that this alert is to be taken seriously and motivating recipients to take quick action.
  • The presence of Microsoft Office 365’s branding and logo – both in the email and in the phishing pages – serves again to convince the recipients that the email is actually from Microsoft.
  • The usage of the CAPTCHA feature in the phishing page. Safety features like this are likely to be present in official notifications from a well-established company like Microsoft – once again helping to boost the email’s credibility.  

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that the domain used in the phishing pages doesn’t belong to Microsoft.
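The indicators described in this alert (the display name built from the recipient’s domain plus “Mail Control System”, the “Extremity Alert Surfaced” subject, and a link to a non-Microsoft host in a Microsoft-branded message) can be checked mechanically. The following is an added example, not MailGuard’s detection code; the sample message, the `find_indicators` helper and the short Microsoft domain list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: non-exhaustive list of Microsoft-owned sign-in domains.
MS_DOMAINS = ("microsoft.com", "microsoftonline.com", "office.com", "office365.com", "live.com")

# Constructed sample message; every address, host and timestamp is made up.
SAMPLE = """\
From: "example.com Mail Control System" <user@compromised.example>
To: alice@example.com
Subject: Extremity Alert Surfaced 5/7/2020 3:10:45 AM
Content-Type: text/html; charset="utf-8"

<html><body><img alt="Office 365"><p>A high-extremity alert has surfaced.</p>
<a href="https://login.phish.example/o365/">View message</a></body></html>
"""

def host_is_microsoft(host):
    # Match the domain itself or a true subdomain, never a look-alike prefix.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MS_DOMAINS)

def body_text(msg):
    # Concatenate every text part, decoding transfer encodings and charsets.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def find_indicators(raw):
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    hits = []
    if rcpt_domain and display.startswith(rcpt_domain) and "mail control system" in display:
        hits.append("display-name-uses-recipient-domain")
    if re.search(r"extremity alert surfaced", msg.get("Subject", ""), re.I):
        hits.append("subject-extremity-alert")
    body = body_text(msg)
    # Only judge link hosts when the message presents itself as Microsoft.
    if re.search(r"office\s*365|microsoft", body, re.I):
        for url in re.findall(r'href=["\'](https?://[^"\']+)', body, re.I):
            host = urlparse(url).hostname
            if not host_is_microsoft(host):
                hits.append("non-microsoft-link:" + str(host))
    return hits

if __name__ == "__main__":
    print(find_indicators(SAMPLE))
```
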

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open these emails or click on their links.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
