Attackers are trying to steal credentials from corporate mail by sending lists of quarantined spam e-mails.
What do you do when an unsolicited e-mail lands in your work inbox? Unless you’re a spam analyst, you will most certainly probably just delete it. Paradoxically, that’s exactly what some phishers want you to do, and as a result, we have been seeing more and more e-mails lately that appear to be notifications about obviously unwanted messages.
How it works
Cybercriminals, relying on users’ inexpert knowledge of antispam technologies, send notifications to company employees about e-mails that allegedly arrived at their address and were quarantined. Such messages look something like this:
The attackers simply copy the style of other advertising for unsolicited goods and services and provide buttons for deleting or keeping each message. It also provides an option to delete all quarantined messages at once or to open mailbox settings. Users even receive visual instructions:
What’s the catch?
The catch, of course, is that the buttons are not what they seem. Behind every button and hyperlink lies an address that brings the clicker to a fake login page, which looks like the Web interface of the mail service:
The message “Session Expired” is meant to persuade the user to sign in. The page serves one purpose, of course: to harvest corporate mail credentials.
In the e-mail, the first thing that should set alarm bells ringing is the sender’s address. If the notification were real, it would have to have come from your mail server, which has the same domain as your mail address, not, as in this case, from an unknown company.
Before clicking any links or buttons in any message, check where they point by hovering the mouse cursor over them. In this case, the same link is stitched into all active elements, and it points to a website that has no relation to either the domain of the recipient or the Hungarian domain of the sender.
How to avoid spam and phishing
To avoid getting hooked, corporate users need to be familiar with the basic phishing playbook. Of course, it is better to prevent encounters between end-users and dangerous e-mails and phishing websites in the first place. For that, use antiphishing solutions both at the server level and on users’ computers.
To discuss solutions for your team, contact us. We’ll review the security options that are best suited to your business, and employees.