Don't be too quick to click everything you see in your inbox. A new email claiming to share new 'secure' documents has been identified as a phishing scam by MailGuard and has been successfully blocked.
Titled “[SECURE] Sway Documents”, the email uses a display name of “Jane Williams”, with the “To:” field stating it has been sent to undisclosed recipients. The email body begins with the word “Attention!!!” and informs recipients that Jane Williams “is sharing a secure documents” that are “urgent”. A link is provided for users to view the documents. The email ends with a signature supposedly from Jane Williams, complete with her designation, company name and address.
Unsuspecting recipients who click on the link to view the documents are led to a page hosted on Microsoft Sway that is titled “You have a secure document pending review”.
Here users are, once again, provided with a link to “view document”. Clicking that link takes them to a fake Office 365-branded login page that is hosted on the domain "comicbooktrailers.net", with its background blurred. A message appears at the front of the page, asking users to sign in “with the email address this was sent to”.
Once users close the message, the Office 365 login page becomes visible and they’re instructed to sign in. This is a phishing page designed to harvest users’ confidential data.
Upon “signing in”, users are finally redirected to the authentic Office 365 sign-in page.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:
Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that the domain in the phishing page doesn’t belong to Office 365. There are also several spelling and grammatical errors within the email, like “Jane Williams is sharing a secure documents”.
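The domain red flag can be checked mechanically. The following is an added example, not MailGuard's code: it triages a link chain like the one in this alert by requiring an exact host match for any page that shows Microsoft sign-in branding. The allowlists, function names and sample paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlists, not exhaustive and not from the original alert.
MS_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
SWAY_HOSTS = {"sway.office.com", "sway.cloud.microsoft"}


def host_of(url):
    """Return the lower-cased hostname, without port, userinfo or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_hop(url, shows_ms_login):
    """Classify one hop of a link chain.

    shows_ms_login: True when the page renders Microsoft/Office 365 sign-in branding
    (decided by the analyst or a sandbox; an input here, not detected by this code).
    """
    host = host_of(url)
    if urlsplit(url).scheme != "https" or not host:
        return "suspicious: not an https URL with a host"
    if shows_ms_login:
        # Exact match only: suffix or substring checks would accept
        # look-alikes such as login.microsoftonline.com.<attacker domain>.
        if host in MS_SIGNIN_HOSTS:
            return "ok: Microsoft sign-in host"
        return f"phishing: Microsoft sign-in branding on {host}"
    if host in SWAY_HOSTS:
        return "review: user-authored Sway page, content is not vetted by Microsoft"
    return "unknown"


def triage_chain(hops):
    """Return (url, verdict) for every hop in the order the user would visit them."""
    return [(url, classify_hop(url, branded)) for url, branded in hops]


# Constructed sample chain modelled on the alert; paths are placeholders.
SAMPLE_CHAIN = [
    ("https://sway.office.com/EXAMPLE-ID", False),
    ("https://comicbooktrailers.net/EXAMPLE-PATH", True),
    ("https://login.microsoftonline.com/", True),
]

if __name__ == "__main__":
    for url, verdict in triage_chain(SAMPLE_CHAIN):
        print(verdict, "<-", url)
```

The final hop to the genuine sign-in page passes the check, which is why the whole chain has to be reviewed rather than only the page the user ends up on.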
Cybercriminals also frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open these emails or click on their links.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
As a precaution, MailGuard urges you not to click links within emails that:
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.