MailGuard has intercepted a phishing email sent from a compromised Fresh 92.7 account.
Titled “Please Review the Project Proposal”, the phishing email masquerades as a file-sharing notification from a representative at the radio company. It includes a link to a “secured file”.
Here’s what the email looks like:
Unsuspecting recipients who click on the link to view the “document” are led to a login page containing the header “OneDrive”. The branding elements of several Microsoft products are also included in this page, including Word, Excel and PowerPoint. Interestingly, the domain in this page’s URL belongs to neither Microsoft nor Fresh 92.7. It is actually a phishing page hosted on GoDaddySites.com, a popular domain registrar and web hosting company. Here’s a screenshot of the page:
Once users “log in” by entering and submitting all required fields, the attacker harvests users’ credentials for later use. Users are then met with a confirmation saying that they will be contacted within 48 hours, as per the below:
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack. If you are not expecting a file from the sender, do not open the email, download files or click through on the links. Check with the sender first, even if they are known to you.
By claiming that a “Project Proposal” has been shared, this email scam aims to intrigue recipients, motivating them to click on the link to view it. In addition, using a file-sharing notification is another tactic employed by cybercriminals to avoid detection. As more employees work remotely due to the COVID-19 pandemic, it is common for them to share business documents with one another via email.
Scams that are initiated from compromised accounts are particularly dangerous, for a number of reasons:
- The emails are sent from a legitimate account, so they are not likely to be blocked by email security services,
- The recipients are more receptive to the emails because they are from a legitimate service, and especially where the sender is known to them, and
- They may deliver a malicious payload, or simply a link to a file as in this case, directing users to external phishing pages to harvest credentials.
Microsoft’s branding is also likely included to boost the credibility of the email scam. Cybercriminals frequently impersonate global companies like Microsoft and Dropbox in their scams, because their good reputation lulls victims into a false sense of security. Because of their large number of users globally, these companies are regular victims of these scams.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
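The last check in the list above can be automated for links whose text or URL names a brand. The following Python sketch is an added example, not MailGuard's detection logic: the allow-list of Microsoft domains is an illustrative, non-exhaustive assumption, and the sample email body and its hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive allow-list of domains Microsoft
# uses for sign-in and file sharing. Maintain your own list in production.
BRAND_DOMAINS = {
    "onedrive": {"microsoft.com", "live.com", "office.com", "sharepoint.com",
                 "microsoftonline.com", "1drv.ms"},
}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchors in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in_domains(host, domains):
    """True only for an exact match or a true subdomain (dot boundary)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(html_body):
    """Return (brand, host, text) for links that name a brand off its domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname  # ignores any user@ prefix in the URL
        haystack = (text + " " + href).lower()
        for brand, domains in BRAND_DOMAINS.items():
            if brand in haystack and not host_in_domains(host, domains):
                findings.append((brand, host, text))
    return findings

# Constructed sample body; hosts are placeholders, not taken from the campaign.
SAMPLE = """
<p>Please Review the Project Proposal</p>
<a href="https://constructed-sample.godaddysites.com/">Open in OneDrive</a>
<a href="https://onedrive.live.com/?id=constructed">View in OneDrive</a>
<a href="https://live.com.constructed-sample.example/x">OneDrive secured file</a>
"""
```

Matching on a dot boundary is what keeps a host such as `live.com.constructed-sample.example` from passing as a Microsoft domain, which a plain substring test would allow.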
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.