MailGuard Blog

Microsoft Office 365 and Smartsheet users are cautioned to be aware of any email correspondence asking you to open and sign a ‘Confidential Commercial Credit’ agreement. This is a phishing attempt, that not only aims to steal sensitive login credentials, but potentially download malware, that could be incredibly damaging to networks. With millions of Smartsheet and Microsoft users worldwide, it is more than likely that innocent victims will fall prey to this phishing attempt, particularly since the scammers are using compromised email addresses to trick recipients, utilising trusted Microsoft branding elements and given the frequency of shared documents amongst time-poor workers. Therefore, recipients are warned to remain vigilant and refrain from downloading any suspicious or unexpected files.  

The latest phishing attack intercepted by MailGuard begins with a scam email purporting to be via popular collaboration tool, SharePoint. As workforces become more remote, it is common for employees to send confidential business documents to one another, and with over 200 million users of Microsoft SharePoint, there is a high likelihood unsuspecting victims will fall for the scam.  

Email users are advised to be wary of a phishing email masquerading as a “pending message notification”.

Microsoft is once again the subject of a phishing email scam.

MailGuard intercepted a malicious email in the form of a file-sharing notification from an account that appears to be compromised. The email body contains the Microsoft logo, and invites recipients to review the document via a button.

In January, we intercepted a phishing scam impersonating Australian financial services company Latitude Financial. Now, a similar phishing email spoofing the company has been identified and blocked. 

It might sound exciting to receive an email announcing an unexpected inflow of Qantas Travel Money, but don’t be too quick to follow its instructions – your surprise might just turn into a bit of a shock.

3-step verification is a common digital safety feature used by many established brands to protect sensitive data of their customers online. Because of its widespread usage, it is, ironically, also a popular tool used by cybercriminals to trick unsuspecting users.

Getting an email about a supposedly new voicemail might intrigue and tempt you to explore further but think again before you click on any links.

Imitating leading financial institutions is a common trick adopted by cybercriminals to gain access to users’ confidential data. MailGuard intercepted a large-scale phishing email scam purporting to come from Latitude Financial yesterday, the 14^th of January 2020 afternoon (AEST).

Receiving an email about supposedly inaccessible or blocked inboxes can be alarming, but it doesn’t hurt to think twice about the credibility of the email – especially if it involves clicking on unknown links.

The latest email phishing scam impersonating Microsoft Office 365 arrived in inboxes late Tuesday afternoon. Masquerading as an email from the "Support Team" the scam is actually sent by multiple malicious senders. It links to a phishing website designed to trick users into entering their email password.

Careful not to click through on the latest email phishing scam impersonating Microsoft Office 365 today. The first run of the attack began hitting email inboxes between 8-10am AEST Friday.

Wednesday morning (AEST), a new email phishing scam started to arrive in inboxes, impersonating Microsoft Office 365. The subject reads: '(5) messages returned - failure to sync.'

A new phishing scam discovered by MailGuard is trying to mislead victims by impersonating a OneDrive notification.

Zero-day phishing attack detected by MailGuard: this phishing email is designed to look like an invoice notification message from Microsoft Dynamics.

You can see in the screenshot above, that this is not a very well designed email scam, but the use of Microsoft’s branding makes the scam more likely to fool people.