Here at The Defence Works we get to see lots of scams. It’s almost a hobby now, picking out the best ones to show you – and we have so much choice! This last week, I personally had at least 14 “FruityLola” and “KinkyPixie” type scams with headings such as ‘I want to play meow!’. How could I resist? Somehow, I managed; mainly because I know these to be the epitome of scams.
However, some fraudsters try to be subtle. This week’s scam is subtle, but not enough to trick us. Below, we break the scam down for you. Without further ado, here is this week’s scam all about an Outlook update…let’s play! Meow!
The Outlook Update Scam Email
The email heading was about an ‘Outlook Update’. The email was an ‘all staff’ email, thereby circumventing the phishing advice to look for personalisation of a message.
The email contained a command to click on a link to migrate to an updated version of Outlook.
The inherent threat/sweetener was in the bullet under this command. By updating you can get access to your payslips and P60, as well as use of other administrative items such as connecting a mobile device to access your email account remotely.
The final sense of urgency was that this update must be done within 24 hours or you could lose access to your work emails. The threats continued with a sign off saying the email was being monitored and if ignored there would be consequences.
The scam email arrived into my work email account. An email that arrives into a corporate email account, means that it could potentially be a legitimate email. The email used many typical social engineering tactics of a phishing email:
- Urgency – click the link and update to the new version of Outlook in 24 hours
- Threats – to encourage the recipient to click, inherent threats were made – the email is being monitored and ignoring it is not a good idea
- Fear of Missing Out (FOMO) – if you do not update Outlook you will not be able to access your emails and even payslips and P60s might end up as inaccessible
How Did We Know It Was a Scam Email?
Apart from the fact we haven’t come across “Outlook 2020” and it looks like Microsoft won’t be releasing an Office 2020 as they are pushing Office 365, here are the reasons we knew this was a phishing email:
- The email address of the sender was unknown and NOT part of our company or any IT support company we use.
- The email body content was poorly composed and had errors “please do not ignore this notification, because it is very compulsory” – just sounds off doesn’t it.
- Hovering over the link in the email showed that it went to an unknown website. However, worth noting, the URL began with an HTTPS. Normally this means the site is secure as it uses SSL certificates to create a safe connection. A recent check of phishing sites, by the Anti-Phishing Working Group (APWG) found that three quarters of phishing sites used SSL certificates. So do not let a URL beginning with an HTTPS fool you.
What Happens if You Click the Link?
We analysed the link and found that it was infected with malware. If you click the link and have a vulnerability in software running on your machine, such as a browser, your machine would probably be infected with that malware or at least be prepared for further infection.
If you receive an email into your work email inbox, that looks like it might be this scam or any other phishing type scam, you should immediately inform your IT department.
Just in case you are interested in what “FruityLola” looks like – here is the email:
Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:
Outlook Update Scam Email
An email is being sent to corporate email accounts asking recipients to click a link to update their Outlook 2000 email account. This is a scam and you should inform your IT department immediately if you receive such an email.
ALWAYS AVOID CLICKING LINKS IN EMAILS.
For more information on what to do if you receive a phishing email check out “What to Do if You Click on a Phishing Link?”
Don’t forget to share this with your colleagues and friends and help them stay safe.
Let’s keeping breaking scams!
Subscribe to the Proofpoint Blog