Don’t panic if you receive an email supposedly from Mailgun Technologies claiming an invoice is due. This is part of a phishing email scam designed to harvest your confidential data.
Here’s what it looks like:
Unsuspecting recipients who click on the link to pay the invoice are led to a fake login page. This page is a faithful representation of the actual Mailgun login page, and employs high-quality branding elements belonging to the tech company. Here’s what it looks like:
This is actually a phishing page that is hosted on a compromised Wordpress website. Once users “log in” and enter their credentials, the attacker harvests them for later use, and the user is met with an error saying that the credentials are invalid, as per the below:
After a couple of attempts to “log in”, users will be redirected to the actual Mailgun login page.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click on it.
Cybercriminals frequently exploit the branding of global companies like Mailgun in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. Many companies use Mailgun to communicate with their customers via email, or else pay marketing firms to do that on their behalf using Mailgun’s services. Receiving an email informing them that an invoice from the company is due is might be concerning among companies. They may want to take immediate action in order to minimise disruptions to email communications with their customers. Cybercriminals hope that in their urgency to rectify the issue, users don’t pause to check for the legitimacy of the email and click on the phishing link.
MailGuard has intercepted several malicious emails impersonating Mailgun earlier, including one asking users to update their account details, and another one claiming your Mailgun account is suspended.
In this particular case, cybercriminals have attempted to boost the credibility of this email scam by incorporating Mailgun’s logo & branding. The inclusion of the invoice’s “details” in the email body (like the invoice number, and when it’s due etc.) is also an attempt to convince users that the invoice is genuine.
Despite this attempt, eagle-eyed recipients would be able to identify the inauthenticity of the emails due to several red flags. These include the fact that the recipient isn’t directly addressed in the email, and that it contains several spacing and formatting issues.
Mailgun lists the following advice on its support page:
“If you’ve received spam from a Mailgun customer, please report it to email@example.com. Send us the full email headers of the spam message so we can more quickly process your request and clean up our email stream.”
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.