MailGuard Blog

DocuSign seems to be winning the popularity contest amongst cybercriminals as MailGuard intercepts a second phishing scam imitating the global electronic agreement provider in just a matter of days. The scam emails appear to come from a compromised account belonging to a U.S. immigration law firm, as recipients are presented with an email purporting to be from the Accounts Department notifying the victim of an ‘EFT confirmation’ in .pdf format. Other trusted names such as Office 365, Gmail and AOL have been impersonated in the process.  

MailGuard has intercepted an email attack that uses multiple trusted brand names to fool victims into providing their sensitive information for credential harvesting. DocuSign, with hundreds of millions of users worldwide, is a household name with businesses and organizations using the tool for electronic signatures and agreements. Purporting to be from a prominent healthcare provider a DocuSign link is sent to recipients, in an attempt to capture email and login addresses and to potentially download malware. Other trusted names such as Adobe, Microsoft and IBM have been spoofed using accurately depicted branding and logos to catch victims off guard.  

This recent email attack threatens to steal user login credentials masquerading as trusted Microsoft email web app, Outlook. With over 400 million Outlook users globally, there is a good chance that you and your organisation are at risk of data theft.  

A fraudulent quarantine alert is the bait used for a recent email phishing scam currently being intercepted by MailGuard. Cybercriminals have used Outlook branding to trick unsuspecting recipients into entering their credentials (email username and password) for use in future criminal activity.  

The email arrives as an alert informing the victim of several emails whose delivery has been prevented due to system errors. After which, a link is provided to coerce the victim into reviewing the falsely quarantined emails. Recipients may be tricked into believing that the email is from the ‘Notifications Team’ however it appears to have come from a compromised Office 365 Account.  

Email users take care, MailGuard is intercepting a fraudulent file sharing email scam that uses a Microsoft OneDrive template and links to two different phishing pages, one of which employs Outlook OWA branding, and the other has branding for the recipient company. The campaign is designed to harvest sensitive user credentials that can be used in subsequent attacks and/or sold on the dark web.

The Australian Taxation Office (ATO) is once again the subject of a phishing email scam.

Enquiries or notifications related to purchase orders have long been used by cybercriminals to scam users - and looks like this trend is set to continue. 

MailGuard has intercepted a phishing email masquerading as an alert about a “progress claim”.

Launching phishing attacks via compromised accounts continues to be a popular technique among cybercriminals looking to deceive users. 

MailGuard has intercepted a phishing email masquerading as a security notification, sent supposedly from “Outlook Web Application”.

Invoices can be very costly indeed – and not always in the traditional sense. A recent phishing invoice email scam detected by MailGuard is designed to trick victims into revealing their confidential data.

MailGuard has intercepted a phishing email scam spoofing two popular business applications - Dropbox, a file sharing and collaboration platform, and Adobe, a multi-media computer software company. 

MailGuard has intercepted a new phishing email that masquerades as a notification informing employees about a new “Outlook Web App”.