Office 365 Business Email Scam

18 December 2019

If you are wondering how email accounts get compromised, here is just one example.  In this case, the subject line is routine for an email delivery failure, but nothing else is good about this email scam.

Here is the email received by one of our customers today, who was rightly suspicious about its content.

There are plenty of clues in the email which might be obvious to many. However, if one is unaware that email scams like this are a thing, then trouble brews very quickly. Here are the signs this email is a scam.

So, what happens if we click on the link...? We don't recommend that you try this at home (or at work). However, nothing bad can happen unless you think the web page you visit is genuine; then things get nasty real fast. Let's look at the web page address first...

Hold on, Google's Gmail service is not happy with the link.

The good news here is that Google has trimmed the link back to the actual web page address, which is clearly not Microsoft. Let us proceed for the purpose of this exercise; you would normally choose the "Back" option, of course.

More good news: our recommended internet security software, Webroot SecureAnywhere, is not happy with the web page either.

So we bypass the warning (again, don't do this) and see where the link takes us.

If you compare the original web address in the email, you can see that you have been redirected to a different web page, which looks equally bogus even though it does contain your email address at the end.

Let's have a look at the whole bogus web page.

The web address is clearly dodgy; however, the Microsoft login screen looks exactly like the real thing. So if you don't notice the bogus web address, then you are one step away from serious trouble.

If you enter your email password on the above screen, the scammers will then have your email address and password, which is all they need to log in to your mailbox. The exception is if you have two-factor authentication attached to your mailbox, in which case they will also need a code from your phone, which will make it much more difficult to compromise your mailbox.
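The two tells described above, a web address that is not Microsoft's and your own email address carried at the end of the link, can be checked mechanically before a password is typed. The following is an added example, not part of the original post: the trusted host list and brand words are assumptions to adapt, and the base64 check goes a step beyond the plain-text address seen on this page.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# Assumption: the only hosts this organisation accepts for Microsoft sign-in.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
# Assumption: brand words a look-alike host might borrow.
BRAND_WORDS = ("microsoft", "office", "outlook", "365")


def embeds_recipient(tail, recipient):
    """True if the recipient's address is in the URL tail, in clear text or base64."""
    tail = unquote(tail)
    wanted = recipient.lower()
    if wanted in tail.lower():
        return True
    for piece in re.split(r"[/?#&=]+", tail):
        if len(piece) < 8:
            continue
        try:
            raw = base64.urlsafe_b64decode(piece + "=" * (-len(piece) % 4))
        except ValueError:  # piece is not valid base64
            continue
        if wanted in raw.decode("utf-8", "ignore").lower():
            return True
    return False


def assess_login_link(url, recipient):
    """Return the reasons a 'Microsoft sign-in' link should not be given a password."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if host not in TRUSTED_LOGIN_HOSTS:
        reasons.append("host-not-microsoft")
        if any(word in host for word in BRAND_WORDS):
            reasons.append("brand-word-in-untrusted-host")
        # A genuine sign-in link may also carry the address (as a login hint),
        # so the embedded address only counts against an untrusted host.
        tail = f"{parts.path}?{parts.query}#{parts.fragment}"
        if embeds_recipient(tail, recipient):
            reasons.append("recipient-address-in-link")
    return reasons
```

An empty list means the link passed these checks only; it says nothing about whether the email itself was expected.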

So, what happens next...?

And the good news is...?

Australian banks are well aware of these scams and have systems in place which can stop the scammer from receiving their ill-gotten gains.

Basically, any new bank account which receives a multi-thousand dollar deposit as the first transaction may be flagged for investigation before the scammer actually gets the money. We have been very impressed with this feature, where we have seen customers reimbursed for tens of thousands of dollars because the bank blocked the transfer. It would not be safe to rely on this, of course. If the payment does not get blocked, you lose your money.

Defence Mechanisms

This is our business