Don't be too quick to click everything that appears in your inbox. A new email claiming to share a new “folder” has been identified as a phishing scam by MailGuard and has been successfully blocked.
The email appears to be an automated message from a file sharing system. Its subject informs recipients that a folder titled “Statements 2019” has been shared by the sender. The email body is short, and includes a link to “open” the folder, along with the logo of the company it purports to be from. It ends with the signature & contact details of an office manager. The email actually comes from a freemail address provided by Microsoft’s Outlook service.
Here is what the email looks like:
Unsuspecting recipients who click on the button to open the folder are led to an intermediary site which asks the user to click a download link. This page contains details of the supposed “folder”, including its name, size, and when it was uploaded, as per the below:
After the link is clicked, it leads to a login page that asks for the user to log into their preferred email service, like Outlook, Google etc, as per the below:
Upon choosing their preferred login, users are asked to insert their email address and password, as per the below:
Once these credentials are entered and submitted, the attacker harvests them for later use, and the user is redirected to another page to make it seem like the login was successful.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.
By claiming that a new folder has been shared, this email scam aims to intrigue recipients. The inclusion of the sender’s signature and contact details is another tactic to make the email look legitimate. All this serves to elicit a more confident response from recipients who think they are, in fact, viewing a folder from a legitimate sender. This motivates the recipient to click on the provided link right away, distracting them from checking the sending address of the email and looking out for any other errors.
It’s also interesting to note that the phishing page employs branding elements of many popular email services to appear legitimate. However, the page includes embedded styling and uses data URIs to display images, meaning they are actually embedded within the page itself, rather than being accessed from somewhere external. The only external reference is in the login form, which is the location to which the victim's login details are sent. This is likely to be an evasion tactic, designed to reduce the risk of external links being detected and blocked by email security filters. This scam ends with the user being redirected to a different page, rather than a “credentials are invalid” error – again an attempt to mask the phish.
In addition, using a file-sharing notification to trick users is another trick employed by cybercriminals to avoid detection. In the midst of the current COVID-19 pandemic, it’s common for employees working remotely to share confidential business documents with one another via email, so notifications like this one aren’t likely to raise too much suspicion.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.
Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.