MailGuard has detected a new email scam that uses a ‘voicemail’ to deliver a phishing attack.
The malicious emails were first detected on Wednesday, 20th November, afternoon (AEST). Using a display name of ‘Voicemail’, the email originates from multiple compromised email addresses. It purports to be a voicemail from the sender delivered via Microsoft Outlook. The body of the email invites the recipient to click on the provided link to listen to the message.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link to ‘listen to message’ are led to a phishing webpage that simulates Microsoft Outlook sign-in.
Here is a screenshot of the page:
Once the victims insert their login credentials, an error is simulated, and the recipient’s details are harvested maliciously, as per the below:
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click on it.
As you can see from the screenshots above, cybercriminals have attempted to boost the credibility of this email scam by incorporating Outlook’s logos and branding using high quality graphical elements. The inclusion of fields such as 'To', 'Date' & 'Length' also serve to increase the credibility of the email.
Despite this attempt, eagle-eyed recipients would be able to identify the inauthenticity of the email due to several red flags. These include the fact that the recipient isn’t directly addressed in the email.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files or messages, including audio notes.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
Is your business receiving criminal intent emails?
It's time to get the protection your business needs.
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.