Think twice before clicking: Phishing scam poses as Microsoft

Eliza Bavin
MailGuard has warned Aussies not to click on this phishing scam (Source: Getty)

Aussies are being cautioned over a new email scam that carries Microsoft branding and has the potential to give scammers access to your passwords.

The phishing email scam was intercepted by MailGuard, which said it is a good reminder of the importance of thinking twice before clicking on links within an email – even if it appears to be sent from a legitimate sender.

The subject line of the email read “Invitation to bid” and invited the recipient to submit a proposal “in accordance with an RFP package”.

The email goes on to explain that, due to the size of the electronic documents, they have been uploaded to SharePoint, a popular web-based collaborative platform by Microsoft.

SharePoint is commonly used by many businesses as a legitimate way to share large files.

The scam email provides a link for the recipient to view the documents and tells the recipient that they have two business days to submit the proposal.

However, the email actually originated from a compromised email account.

“Unsuspecting recipients who click on the links to view the documents are led to an intermediary page that asks them to click on another link in order to ‘view proposal’,” MailGuard said.

“This page includes Adobe Spark’s logo and branding.”

Screenshot of email phishing scam

When a recipient clicks on the link, they are led to what appears to be a login page. However, while the page has Microsoft’s logo and branding, MailGuard warns the domain does not belong to Microsoft.

MailGuard said this is a red flag that the page is illegitimate and is actually a phishing page hosted by Cloudflare.

Screenshot of fake outlook login page
Despite the Microsoft branding, MailGuard warns the page is illegitimate (Source: Getty)

If a person tries to log in, their credentials are harvested by the cybercriminals behind the scam.

“Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to exercise caution when opening messages, and to be extra vigilant against this kind of cyber-attack,” MailGuard said.

“If you are not expecting a file from the sender, do not open the email, download files or click through on the links. Check with the sender first, even if they are known to you.”
