MailGuard Blog

The latest phishing attack intercepted by MailGuard begins with a scam email purporting to be via popular collaboration tool, SharePoint. As workforces become more remote, it is common for employees to send confidential business documents to one another, and with over 200 million users of Microsoft SharePoint, there is a high likelihood unsuspecting victims will fall for the scam.  

Email users are advised to be wary of a phishing email masquerading as a “pending message notification”.

Microsoft is once again the subject of a phishing email scam.

MailGuard intercepted a malicious email in the form of a file-sharing notification from an account that appears to be compromised. The email body contains the Microsoft logo, and invites recipients to review the document via a button.

In January, we intercepted a phishing scam impersonating Australian financial services company Latitude Financial. Now, a similar phishing email spoofing the company has been identified and blocked. 

It might sound exciting to receive an email announcing an unexpected inflow of Qantas Travel Money, but don’t be too quick to follow its instructions – your surprise might just turn into a bit of a shock.

3-step verification is a common digital safety feature used by many established brands to protect sensitive data of their customers online. Because of its widespread usage, it is, ironically, also a popular tool used by cybercriminals to trick unsuspecting users.

Getting an email about a supposedly new voicemail might intrigue and tempt you to explore further but think again before you click on any links.

Imitating leading financial institutions is a common trick adopted by cybercriminals to gain access to users’ confidential data. MailGuard intercepted a large-scale phishing email scam purporting to come from Latitude Financial yesterday, the 14^th of January 2020 afternoon (AEST).

Receiving an email about supposedly inaccessible or blocked inboxes can be alarming, but it doesn’t hurt to think twice about the credibility of the email – especially if it involves clicking on unknown links.

The latest email phishing scam impersonating Microsoft Office 365 arrived in inboxes late Tuesday afternoon. Masquerading as an email from the "Support Team" the scam is actually sent by multiple malicious senders. It links to a phishing website designed to trick users into entering their email password.

Careful not to click through on the latest email phishing scam impersonating Microsoft Office 365 today. The first run of the attack began hitting email inboxes between 8-10am AEST Friday.

Wednesday morning (AEST), a new email phishing scam started to arrive in inboxes, impersonating Microsoft Office 365. The subject reads: '(5) messages returned - failure to sync.'

A new phishing scam discovered by MailGuard is trying to mislead victims by impersonating a OneDrive notification.

Zero-day phishing attack detected by MailGuard: this phishing email is designed to look like an invoice notification message from Microsoft Dynamics.

You can see in the screenshot above, that this is not a very well designed email scam, but the use of Microsoft’s branding makes the scam more likely to fool people.

The world’s biggest brand names are being used to trick people into handing over sensitive personal and financial information.