MailGuard has intercepted a widespread phishing campaign targeting business users with fake quarantine email alerts, a tactic designed to steal mailbox credentials via a fraudulent webmail login page.
This latest attack uses a simple yet effective approach. Victims receive an email that appears to come from a legitimate quarantine system, warning that messages have been held and that action is required. The sender details impersonate a system-generated mailbox, using the address adminqua(at)hoodscompanyllc(dot)com with the display name “Email Quarantine”. Note that the sending domain has no relationship to the recipient's own domain, which is where a genuine quarantine notice would originate.

The phishing emails commonly target generic business addresses like sales@ and admin@, increasing the likelihood of reaching shared mailboxes monitored by several staff, and include the recipient's email address in the subject line and throughout the body to make the message appear more legitimate.
Common Subject Lines identified include:
- `<Recipient’s Email>`: Urgent Quarantine Action Needed
- Alert: Quarantined Messages Identified for `<Recipient’s Email>`
- Critical Notification for `<Recipient’s Email>`: Quarantined
- Immediate Action Required: Quarantined Emails for `<Recipient’s Email>`
- Review Needed: Quarantine Alert for `<Recipient’s Email>`
- Urgent Email Quarantine Report for `<Recipient’s Email>`
Here's an example of what the emails look like (screenshot not reproduced here).
Here's How It Works
The HTML-based email contains a single link leading to a fake webmail login page hosted on netlify.app. Netlify is a legitimate static-hosting service, but its free subdomains are routinely abused by scammers because a phishing page can be published there in minutes and discarded once it is reported. The page is designed to mimic a cPanel webmail login, complete with branding and email address and password fields.
Victims are prompted to enter their email address and password, supposedly to release the quarantined emails. Once submitted, the credentials are harvested. The phishing page then redirects the user to port 2096 on their own legitimate domain, the default port for cPanel webmail over HTTPS, giving the impression of a successful login (or, at worst, of a glitch that prompted a second login). Because the victim ends up on a real login screen, the theft is easy to miss; if a user reports entering credentials on a page like this, treat the mailbox password as compromised, reset it, and review recent webmail logins and any newly added forwarding rules.
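The indicators above (a quarantine display name on a sender domain unrelated to the recipient, the recipient's own address echoed in a quarantine subject line, a link to a throwaway hosting subdomain, and a shared role mailbox as the target) are all visible in the message before anyone clicks, so they can be scored at the mail gateway or in a triage script. The following Python example is added here to illustrate that; it is not MailGuard's detection logic. The abused-host list, the role-mailbox list, the weights and threshold, and the two sample messages are constructed assumptions for the example. The port-2096 redirect only happens after the click and is not present in the email, so the script does not look for it.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators drawn from the campaign described above. The abused-host list,
# role-mailbox list, weights and threshold are assumptions for this example.
ABUSED_HOSTS = ("netlify.app",)
ROLE_MAILBOXES = {"sales", "admin", "info", "accounts", "support"}
SUSPICIOUS_THRESHOLD = 4


class _LinkExtractor(HTMLParser):
    """Collect href targets from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def html_links(msg):
    """Return every href found in the text/html parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    extractor = _LinkExtractor()
    for part in parts:
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            extractor.feed(payload.decode(charset, "replace"))
    return extractor.links


def host_in(url, suffixes):
    """True if the URL's host is one of the suffixes or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw):
    """Score one raw RFC 822 message against the quarantine-lure indicators.

    Returns (score, reasons). A score at or above SUSPICIOUS_THRESHOLD marks
    the message for holding or analyst review.
    """
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    subject = msg.get("Subject", "")
    score, reasons = 0, []

    # 1. Display name claims to be a quarantine system, but the sender domain is
    #    not the recipient's own domain, where a real quarantine notice originates.
    if "quarantine" in display.lower() and domain_of(sender) != domain_of(recipient):
        score += 2
        reasons.append(f"quarantine display name from foreign domain {domain_of(sender)}")

    # 2. Subject is a quarantine alert that embeds the recipient's own address.
    if re.search(r"quarantin", subject, re.I) and recipient and recipient.lower() in subject.lower():
        score += 2
        reasons.append("recipient address echoed in quarantine subject")

    # 3. Any link points at a hosting service abused for throwaway phishing pages.
    bad = [u for u in html_links(msg) if host_in(u, ABUSED_HOSTS)]
    if bad:
        score += 3
        reasons.append(f"link to abused host: {bad[0]}")

    # 4. Recipient is a shared role mailbox, the population this campaign targets.
    if recipient.split("@", 1)[0].lower() in ROLE_MAILBOXES:
        score += 1
        reasons.append("role mailbox recipient")

    return score, reasons


def is_suspicious(raw):
    return score_message(raw)[0] >= SUSPICIOUS_THRESHOLD


# Constructed sample messages (not real captures); example.com stands in for the victim domain.
SAMPLE_PHISH = """From: "Email Quarantine" <adminqua@hoodscompanyllc.com>
To: sales@example.com
Subject: sales@example.com: Urgent Quarantine Action Needed
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello sales@example.com, 3 messages are held in quarantine.</p>
<p><a href="https://webmail-release-quarantine.netlify.app/?ref=q1">Review quarantined messages</a></p>
</body></html>
"""

SAMPLE_BENIGN = """From: "Mail Quarantine" <quarantine@example.com>
To: sales@example.com
Subject: Weekly quarantine digest
Content-Type: text/html; charset="utf-8"

<html><body><p>Your weekly digest.</p>
<p><a href="https://quarantine.example.com/release">Review</a></p></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        score, reasons = score_message(raw)
        print(f"{label}: score={score} suspicious={is_suspicious(raw)} reasons={reasons}")
```

The foreign-domain check is the most durable of the four: attackers rotate hosting providers and subject wording, but a quarantine notice for your domain that is sent from someone else's domain is wrong regardless of the lure.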
Stay Safe - Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
Specifically for this campaign, be wary of:
- Unexpected quarantine alerts, especially targeting shared mailboxes,
- Poorly branded or generic quarantine reports,
- Links pointing to domains you don't own, such as pages on netlify.app or other free hosting services, and
- Webmail login screens asking for credentials anywhere other than your organisation's own email platform.
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day' email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.