MailGuard has detected a new phishing scam using UPS branding to try and win the trust of victims.
This well-designed scam message tells recipients that their “UPS” package is available for delivery and invites them to track their parcel by clicking on a link; see screenshot above.
The link in the message actually takes victims of this scam to a phishing website, where they are asked to log in with their Microsoft credentials.
The fake login page is shown in the screenshot below:
The display name on these scam messages is “Package Tracking” and the displayed sending address is “firstname.lastname@example.org.”
This scam is operating on a compromised website and although it looks quite convincing, it’s sole purpose is to steal the user login details of victims.
#ZERODAY #FASTBREAK HTML email #brandjacking @UPS contains a single link to a Microsoft-branded phishing site which asks twice for your password, displays a confirmation page then redirects to the legitimate Microsoft login page. More details on the blog: https://t.co/mMWOy5S4BY pic.twitter.com/6PqNEDrv1V— MailGuard (@MailGuard) April 23, 2018
Scammers have come up with some devious tactics to induce their victims into falling for their tricks, and one of the most successful is brandjacking.
Essentially, brandjacking is a kind of forgery; scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust.
In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam messages show up in victim’s inboxes they feel safe opening them, because they look like legitimate emails from familiar companies.
> Read more about brandjacking scams and how to recognise them, here.
One email is all it takes
Doing business online opens up opportunities for collaboration on an unprecedented level, but with that opportunity comes significant risk. Cybercriminals use simple scam emails to infiltrate organisations with malware and attack them from the inside.
All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: