As cybercrime evolves in complexity daily, cybercriminals are coming up with new and innovative ways of fooling unsuspecting Web users and infecting their systems.
For instance, MailGuard has detected a new phishing email scam that currently brandjacks not one, but multiple popular and well-established companies.
First detected early this afternoon (AEDT), the malicious emails arrive in inboxes as innocuous-looking notifications announcing the arrival of new shared files. The email comes from a compromised mailbox, with the “From” field containing the email address of the actual sender. The “To” field has been replaced with a generic display name of "Recipients" and the sender's email address.
The body of the email is relatively simple, informing the user that they have received files titled “Files 03/05/2019.pdf”. A link is provided to “download attachments”.
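The header and body traits described above can be expressed as a simple mail-filter check. This is an added example, not MailGuard's detection logic; the sample message, its addresses and URL, and the indicator names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: placeholder addresses and URL, not taken from the campaign.
SAMPLE = """\
From: Jane Doe <jane.doe@sender.example>
To: Recipients <jane.doe@sender.example>
Subject: New shared files
Content-Type: text/html; charset=utf-8

<p>You have received files titled "Files 03/05/2019.pdf".</p>
<a href="https://files.example.invalid/view">Download attachments</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def body_text(msg):
    """Concatenate all text/* parts, decoding any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def indicators(raw_message):
    """Return the traits from the write-up that are present in one message."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    to_list = getaddresses(msg.get_all("To", []))
    found = []
    # "To" carries the generic display name "Recipients".
    if any(name.strip().lower() == "recipients" for name, _ in to_list):
        found.append("generic-to-display-name")
    # "To" address is the sender's own address (real recipients are hidden).
    if from_addr and any(addr.lower() == from_addr.lower() for _, addr in to_list):
        found.append("to-equals-from")
    # Body link labelled "download attachments".
    for _url, label in LINK_RE.findall(body_text(msg)):
        if re.sub(r"<[^>]+>", "", label).strip().lower() == "download attachments":
            found.append("download-attachments-link")
            break
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

Each trait is weak on its own; the combination of both header traits with the link label is what matches the pattern described in this report.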
Here is a screenshot of the email:
Unsuspecting recipients who click the link in the email are led to a OneDrive-branded phishing site, with further links to select email providers, as in the screenshot below:
Depending on the email provider selected, a page for logging in to the recipient's email account is then shown for that brand. I have included screenshots of the Office 365 and Yahoo! branded login phishing pages.
Users who click on any of these email providers are taken to a fake login page brandjacking the particular email provider they have selected. Here are a couple of examples of these pages:
All these login pages are actually phishing pages, designed to harvest users’ confidential login details.
While the actual email infiltrating inboxes is relatively simple-looking, cybercriminals have employed high-definition graphics and branding (including logos) of well-known email providers. This is done in a bid to convince users of the legitimacy of the email. Multiple email providers are brandjacked in this particular email, further boosting the scam’s authenticity as this allows the user to view the shared files via an email address of their choice – an advantageous feature normally expected from credible and well-established file-hosting services such as OneDrive.
Cybercriminals also frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open such emails or click on them.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams – more than 90% – are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.