Check Point’s Harmony Email & Collaboration team detected over 5,000 emails disguised as Microsoft product notifications, which could lead to email extortion, the cybersecurity company said on Oct. 2. The emails stand out for their polished appearance and the inclusion of legitimate links.
The announcement comes as part of Cybersecurity Awareness Month, highlighting the ongoing risks posed by phishing attacks.
Email scam campaign stands out for polished appearance
The emails come from “organizational domains impersonating legitimate administrators,” making them appear as if they came from an internal administrator, colleague, or business partner. The fake emails link to legitimate Microsoft or Bing pages, making it difficult for even security-conscious employees scanning for suspicious URLs to detect the scam.
Check Point noted that logging in to a fake email — thereby giving the attacker your login information — can “lead to email account takeover, ransomware, information theft or other negative outcomes.” The team did not provide any information about whether the attackers had succeeded in exploiting anyone so far.
In 2023, Check Point found Microsoft was the most-spoofed brand in phishing scams. The other companies featured most often in spoofing campaigns were Google, Apple, Wells Fargo, and Amazon.
How to stay safe from account information scams
Employees should feel empowered to personally reach out to administrators and colleagues whenever they suspect an email might not be legitimate. If you’re not expecting a request to share a folder or collaborate through business software, verify the email directly with that person before engaging.
Individuals should also look for misspellings or clunky language. However, the scheme Check Point detected gets around this by copying and pasting real Microsoft privacy policy statements.
The old belief that sketchy emails always contain errors isn’t necessarily true anymore. Attackers are aware of this expectation and often use correct grammar to make their phishing attempts more convincing. Plus, generative AI makes creating grammatically correct emails simple and fast.
Follow expert advice about keeping your organization cyber-safe:
- Keep operating systems and applications up-to-date, since security updates often include defenses against the latest bugs.
- Use email services with reliable anti-spam filters.
- IT administrators should conduct regular awareness training for employees about scammers’ recent techniques.
Additionally, be cautious of emails that appear to be from large companies, such as Microsoft, but don’t align with how you typically interact with their services. Fortinet recommends technical precautions, including using reverse IP address lookup tools and auditing email accounts with the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.
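As an added illustration of that kind of audit (this is not Check Point's or Fortinet's code), the Python sketch below reads the DMARC verdict your receiving server recorded in the `Authentication-Results` header and separately flags Microsoft branding on mail whose From domain is not Microsoft's, since a message can pass DMARC for its own sending domain and still carry a borrowed brand. The domain allow-list, the branding pattern, and the sample messages are assumptions constructed for the example.

```python
import email
import re
from email.utils import parseaddr

# Assumption: sender domains this organization accepts as genuinely Microsoft.
MICROSOFT_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND = re.compile(r"microsoft|office ?365|sharepoint|onedrive", re.I)

def dmarc_result(msg):
    """dmarc= verdict from Authentication-Results, or 'none' if absent.
    Only trust headers stamped by your own receiving mail server."""
    for header in msg.get_all("Authentication-Results", []):
        match = re.search(r"\bdmarc=(\w+)", header, re.I)
        if match:
            return match.group(1).lower()
    return "none"

def audit(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    verdict = dmarc_result(msg)
    if verdict != "pass":
        findings.append(f"dmarc={verdict}")
    branded = BRAND.search(display) or BRAND.search(msg.get("Subject", ""))
    trusted = any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)
    if branded and not trusted:
        findings.append(f"Microsoft branding from {domain}")
    return findings

# Constructed sample messages (not taken from the campaign).
BRANDED_PASS = (
    'From: "Microsoft 365 Admin" <it-admin@partner.example>\n'
    "Subject: Action required: shared folder\n"
    "Authentication-Results: mx.corp.example; dmarc=pass header.from=partner.example\n\nbody\n")
UNAUTHENTICATED = (
    'From: "Accounts" <billing@vendor.example>\n'
    "Subject: Invoice overdue\n"
    "Authentication-Results: mx.corp.example; dmarc=fail header.from=vendor.example\n\nbody\n")
GENUINE = (
    'From: "Microsoft" <no-reply@microsoft.com>\n'
    "Subject: Your Microsoft account\n"
    "Authentication-Results: mx.corp.example; dmarc=pass header.from=microsoft.com\n\nbody\n")

if __name__ == "__main__":
    for raw in (BRANDED_PASS, UNAUTHENTICATED, GENUINE):
        print(audit(raw))
```

The first sample passes DMARC yet is still flagged, which is why the branding check runs independently of the authentication verdict.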
Email administrators should configure their mail servers such that unauthorized users can’t directly connect to the SMTP port. Similarly, ensuring SMTP connections from outside your firewall go through a central mail hub can help trace email spoofing if it does occur within your organization.