More than 5,000 fake Microsoft notifications drive email breach campaigns


Check Point's Harmony Email & Collaboration team detected more than 5,000 emails disguised as Microsoft product notifications, which could lead to email extortion, the cybersecurity company said on October 2. The emails stand out for their polished appearance and inclusion of legitimate links.

The announcement comes as part of Cybersecurity Awareness Month and highlights the current risks posed by phishing attacks.

The email scam campaign stands out for its refined appearance

The emails come from “organizational domains posing as legitimate administrators,” making them appear as if they came from an internal administrator, colleague, or business partner. The fake emails link to legitimate Microsoft or Bing pages, making it difficult for even security-conscious employees to spot the scam by checking for suspicious URLs.

Check Point noted that logging in through a fake email, thereby giving the attacker your login information, can “lead to email account takeover, ransomware, information theft, or other negative outcomes.” The team did not provide any information on whether the attackers had managed to exploit anyone so far.

In 2023, Check Point found that Microsoft was the most counterfeited brand in phishing scams. The other companies that appeared most frequently in phishing campaigns were Google, Apple, Wells Fargo, and Amazon.


How to stay safe from account information scams

Employees should feel empowered to communicate in person with managers and colleagues when they suspect an email may not be legitimate. If you're not expecting a request to share a folder or collaborate through business software, check directly with that person before participating.

People should also look for misspellings or clumsy language. However, the scheme Check Point detected sidesteps this check by copying and pasting actual Microsoft privacy policy statements.

The old belief that phishing emails always contain errors is no longer necessarily true. Attackers are aware of this expectation and often use correct grammar to make their phishing attempts more convincing. Additionally, generative AI makes creating grammatically correct emails simple and fast.

Follow expert advice on how to keep your organization cyber secure:

  • Keep operating systems and applications up to date, as security updates often include defenses against the latest bugs.
  • Use email services with reliable anti-spam filters.
  • IT administrators should periodically conduct awareness training for employees on recent scammers' techniques.

Also, be wary of emails that appear to come from big companies, like Microsoft, but don't align with how you typically interact with their services. Fortinet recommends technical precautions, including the use of reverse IP address lookup tools and auditing email accounts with the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol.

Email administrators should configure their mail servers so that unauthorized users cannot connect directly to the SMTP port. Similarly, ensuring that SMTP connections from outside your firewall go through a central mail center can help track email spoofing if it occurs within your organization.
