Akankasha Dewan, 16 April 2020 11:42:08 AEST

Phishing email titled “Payment Confirmation” leads to fraudulent ANZ receipt

A new phishing email scam has been intercepted by MailGuard, this time masquerading as payment advice.

Titled “Payment Confirmation”, the phishing email was sent via multiple compromised senders. The display name used in the email is the sender’s email address, while the “To:” field includes the recipient’s email address.

The email body is short, and informs the recipient that payment is “complete on 9th of April 2020”. It claims that “proof” of this payment is attached, and directs the recipient to respond in order to “move forward.”

Here is a screenshot of the email:

[Image: Scam 1504_Blog 1]

An attachment is included in the email, in the form of a .PDF. The attachment name is customised according to the recipient’s email address.

[Image: Scam 1504_Blog 2]

Unsuspecting recipients who click on the attachment will find that it doesn’t open a PDF file. Instead, an HTML page appears with its background blurred. To view the file, users are directed to enter their password. A button titled ‘Next’ is provided; it is actually a phishing link designed to harvest users’ passwords:

[Image: Scam 1504_Blog 3]

Upon entering their password and clicking ‘Next’, users are finally led to a new page that is hosted online on OneDrive. This page has been designed to look like an ANZ payment receipt, as per the below:

[Image: Scam 1504_Blog 4]

While the email itself is plain text and isn’t exactly sophisticated in design, cybercriminals have included several elements in the scam to avoid detection. One is that the malicious phishing link isn’t within the actual message body, but hidden within the attachment containing the HTML page. The fake ANZ ‘lodgement receipt’ in the final stage of the scam also includes details such as a receipt number and account number, along with high-quality branding elements (like ANZ’s logo). All this serves to convince users that this is a legitimate ‘payment confirmation’.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that the attachment doesn’t lead to a PDF file but to an HTML page. The fact that the supposed ANZ receipt isn’t hosted on an ANZ domain but on OneDrive is another big red flag that this email is, in fact, not legitimate.
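The attachment-related red flags above can also be checked automatically at a mail gateway or in a triage script. The following is an added example, not MailGuard's code or detection logic: it flags a display name that is just the sender address, an attachment presented as a PDF whose bytes are not a PDF, a password field inside the attachment, and an attachment name built from the recipient's address. All addresses, file names and the sample HTML are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

PDF_MAGIC = b"%PDF-"  # a real PDF starts with this signature
PASSWORD_FIELD = re.compile(rb"<input[^>]*type\s*=\s*[\"']?password", re.I)

def red_flags(raw: bytes) -> list[str]:
    """Return which of the article's red flags a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    display, sender = parseaddr(str(msg["From"]))
    if display and display.lower() == sender.lower():
        flags.append("display name is the sender address")
    local = parseaddr(str(msg["To"]))[1].split("@")[0].lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Assumption: "presented as a PDF" means a .pdf name or PDF MIME type.
        as_pdf = ".pdf" in name or part.get_content_type() == "application/pdf"
        if as_pdf and not data.lstrip().startswith(PDF_MAGIC):
            flags.append("attachment presented as PDF is not a PDF")
        if PASSWORD_FIELD.search(data):
            flags.append("attachment contains a password field")
        if len(local) >= 3 and local in name:
            flags.append("attachment name contains recipient's mailbox name")
    return flags

def build_sample(display: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message; every address here is made up."""
    m = EmailMessage()
    m["From"] = f'"{display}" <accounts@sender.example>'
    m["To"] = "jane.doe@recipient.example"
    m["Subject"] = "Payment Confirmation"
    m.set_content("Payment is complete. Proof is attached.")
    m.add_attachment(payload, maintype="application", subtype="pdf",
                     filename=filename)
    return m.as_bytes()

# Constructed HTML standing in for the disguised attachment described above.
FAKE_PDF = b'<html><form><input type="password"><button>Next</button></form></html>'

if __name__ == "__main__":
    lure = build_sample("accounts@sender.example", "jane.doe_payment.pdf", FAKE_PDF)
    for flag in red_flags(lure):
        print("RED FLAG:", flag)
```

A genuine PDF sent with a normal display name and a generic file name produces no flags, so the checks can run on all inbound mail and be used to prioritise review rather than to block outright.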

Whilst MailGuard is stopping this email scam from reaching end-users and businesses, we encourage all email users to be extra vigilant against this kind of email and, whatever happens, not to open or click on them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
