Akankasha Dewan 19 November 2020 19:07:16 AEDT 4 MIN READ

Warning: Email sent from compromised account uses “important document” to deliver phishing attack

A new phishing email scam intercepted by MailGuard is a good reminder of the importance of thinking twice before clicking on links within an email – even if it appears to be sent from a legitimate sender.

Masquerading as a file-sharing notification, the email’s subject claims an “Important Document is attached to your email”. While the email doesn’t emulate any particular brand, it is styled akin to notifications from Dropbox, a popular file sharing and collaboration platform among businesses. It is actually sent from a compromised email account. A button is provided for recipients to view the document, and the email ends with a signature of a director of a company.

Here's what the email looks like:

[Screenshot: Scam1911_social]

Unsuspecting recipients who click on the link to “view file transfer” are led to a page hosted on a free website builder. Styled in a manner akin to the email, this page informs them that they have been “invited to view the attached share file”. This page, however, ends with a sign-off from “The Dropbox Team”, as shown in the screenshot below:

[Screenshot: Scam1911_1]

After clicking on the link to “view file transfer”, users are led to a fake Office 365-branded page asking them to sign into their accounts. The domain in this page’s URL, however, belongs to neither Office 365 nor Dropbox – a red flag pointing to its illegitimacy. This is actually a phishing page hosted on a website belonging to BigBirdWeb (a web hosting company in India), which appears to have been compromised.

[Screenshot: Scam1911_2]

Once users enter their usernames and passwords, the attacker harvests the credentials for later use, and users are redirected to office.com.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack. If you are not expecting a file from the sender, do not open the email, download files or click through on the links. Check with the sender first, even if they are known to you.

By claiming that a new “important document” has been shared, this email scam aims to intrigue recipients, motivating them to click on the link to view it as soon as possible. In addition, using a file-sharing notification to trick users is another trick employed by cybercriminals to avoid detection. In the midst of the current COVID-19 pandemic, it’s common for employees working remotely to share confidential business documents with one another via email, so notifications like this one aren’t likely to raise too much suspicion.

Scams that are initiated from compromised accounts are particularly dangerous, for a number of reasons:

  • The emails are sent from a legitimate account, so they are not likely to be blocked by email security services;
  • Recipients are more receptive to the emails because they come from a legitimate service, especially where the sender is known to them; and
  • They may deliver a malicious payload, or simply a link to a file as in this example, directing users to external phishing pages that harvest credentials.

Cybercriminals frequently impersonate global companies like Microsoft and Dropbox in their scams, because their good reputation lulls victims into a false sense of security. Because these companies have such large user bases, their customers are regular targets of these scams.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
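The last red flag above, and the mismatched domain on the fake Office 365 page described earlier, can be checked mechanically: if a message names a brand but its links resolve to a domain that brand does not own, flag it. The script below is an added example written for this post, not MailGuard's own tooling; the brand-to-domain allowlist and the sample message bodies are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist: registrable domains a brand's genuine notifications link to.
BRAND_DOMAINS = {
    "dropbox": {"dropbox.com"},
    "office 365": {"office.com", "microsoftonline.com", "microsoft.com"},
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample resembling the scam: Dropbox sign-off, link to an unrelated host.
SAMPLE_EMAIL = """Important Document is attached to your email
You have been invited to view the attached share file.
<a href="https://example-sitebuilder.invalid/view">View file transfer</a>
The Dropbox Team
"""

# Constructed legitimate-looking sample: brand name and link domain agree.
LEGIT_EMAIL = "Your Dropbox file is ready: https://www.dropbox.com/s/constructed-example"


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (naive: ignores multi-label public suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brand_link_mismatches(body: str) -> list:
    """Return (brand, url) pairs where the body names a brand but links elsewhere."""
    text = body.lower()
    mentioned = [brand for brand in BRAND_DOMAINS if brand in text]
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""  # hostname is None for malformed URLs
        domain = registrable_domain(host)
        for brand in mentioned:
            if domain not in BRAND_DOMAINS[brand]:
                findings.append((brand, url))
    return findings


if __name__ == "__main__":
    for brand, url in brand_link_mismatches(SAMPLE_EMAIL):
        print(f"'{brand}' is named, but the link goes to {url}")
```

The same check applies to the landing page HTML, where the “The Dropbox Team” sign-off sits beside a link to a non-Dropbox host.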

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
