Akankasha Dewan 01 August 2019 12:26:03 AEST 3 MIN READ

Scam Alert: Remittance advice emails are linking to a phishing page

Don’t be too quick to believe everything you read in an email, especially if it’s been sent by someone you weren’t expecting to hear from.

Multiple inboxes are being hit by malicious emails, all masquerading as ‘remittance advice’. The first of these email scams was detected on Wednesday, 31st of July, around noon (AEST). MailGuard understands these malicious emails originate from 3 different compromised domains.

The emails are appearing in plain-text form, with an extremely short body. The subject line advises the recipient of the attachment of a ‘remittance advice’. The actual message simply contains an acknowledgement of thanks, with the words ‘Accounts payable’ below.  

Here’s a screenshot of the email:

The email includes an attached PDF. Unsuspecting recipients who click on the attachment are led to a fake OneDrive page hosted on box.com as per the below:

Clicking on the button to ‘view document’ then takes recipients to the actual phishing page which is a multi-platform login form:

The page offers recipients the options to login using a variety of email domains, including Office 365, Outlook and also ‘others’. Upon logging in, the page harvests the confidential account details of the recipients, aiding them in committing identity theft or accessing other sensitive data.

While the actual email infiltrating inboxes is relatively simple-looking, cybercriminals have employed high-definition graphics and branding (including logos) of well-known email providers. This is done in a bid to convince users of the legitimacy of the email. Multiple email providers are brandjacked in this particular email, further boosting the scam’s authenticity as this allows the user to view the shared files via an email address of their choice – an advantageous feature normally expected from credible and well-established file-hosting services such as OneDrive.

Cybercriminals also frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Users should look out for these tell-tale signs of malicious emails:

Tell-tale signs of email scams

  • Do not address recipients directly (e.g. “Dear customer”)
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
  • Obscure sending addresses (for example, Hotmail, gmail, Yahoo addresses should set alarms bells ringing)

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates