As cybercrime evolves in complexity daily, cybercriminals are coming up with new and innovative ways of fooling unsuspecting Web users and infecting their systems.
MailGuard has detected a new phishing email scam that masquerades as a “Voicemessage Notification”. Sent via a compromised account, the ‘From’ field in the email message is a long VM notification display name, with parts of a phone number.
While we have detected some variations on the message body, they all contain a similar message. Advising the recipient that they have received a new voice message, the emails direct them to click on an included link to view, listen or save the file.
Here are 2 different variations regarding the email message:
Unsuspecting recipients who click on the file link are led to to an Outlook branded phishing page. The users are first asked to enter their email address, as per the below:
They are then asked to enter their password:
Once the form is completed the first time, they are sent back to the first page (asking for their email address) with a message stating that their email address and/or password is incorrect (as per the below screenshot):
Once this information is entered a second time, they are redirected to the actual Office 365 login page.
Despite the impersonation of Outlook’s logo and branding, eagle-eyed recipients would be able to identify the inauthenticity of the email due to several red flags. These include the fact that the email body in itself isn’t well-formatted and contains grammatical & spacing errors, and the fact that the ‘from’ field suspiciously contains multiple numbers.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams – more than 90% – are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files, especially with an .exe file extension.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.