MailGuard has identified 3 similar types of phishing emails making their way into inboxes on late Thursday morning.
The emails are titled as follows:
7 unread emails for <recipient>
Synchronization was unsuccessful
Office 365 Email Security Verification
.png?width=578&name=Screenshot%20from%202018-10-11%2015-15-23%20(004).png)
All three scams use very similar messages. They are all short plain text, advising the recipient that there was a problem with their mailbox.
.png?width=600&name=Screenshot%20from%202018-10-11%2015-13-02%20(004).png)
The emails actually came from multiple compromised email addresses.
.png?width=600&name=Screenshot%20from%202018-10-11%2015-14-07%20(004).png)
To solve this problem, the emails encourage users to click a link to recover or read messages.
Unsuspecting victims who click on the link are led to a copy of the Office 365 Log In Page, that is hosted on multiple compromised websites.
This is actually a phishing page, designed to steal the recipient’s email address and password.
.png?width=600&name=Screenshot%20from%202018-10-11%2015-17-45%20(002).png)
How can you protect yourself from these types of email scams?
- Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain.
- Be alert for strange sentence structure, or phrasing uncommon to the apparent sender.
- Never sidestep formal processes for payments. If in doubt, ring the apparent sender. If they’re not available, wait until they are. A funds transfer is better to arrive later than to be lost without a trace to an overseas cybercriminal.
- Implement scam-proof approvals processes for financial transfers such as two-factor authentication, which requires two employees to sign off on wire transfers
- Education is imperative. Teach staff and employees what fraudulent emails look like.
- Ensure your email security is up to scratch. A cloud-based, threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.
For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au
Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates.
