A very sophisticated scam….

October 25, 2018

At Premieredge we are frequently made aware of email  scams which are undoubtedly becoming more and more sophisticated in their attempts to dupe people.  We’ve already published a spear phishing blog explaining how cybercriminals use a range of scams and false identities to trick us into divulging personal information or downloading malware onto our devices.

We might like to think that we would never fall victim to such scams, but what would you have done if you’d been sent an email like one of our estate agent clients did below?

The email appears to have been sent from a company called AON and refers to a property on the estate agent’s books.  It tries to encourage the estate agent to view photos of a property they claim they want to sell.

Had our client gone on to click one of the links to view the photos, they would have seen the following login screen –

For those of you who use OneDrive you will see that this looks pretty much identical to the OneDrive login screen but look a little closer and you realise the URL is not what it should be.

The page appears to be genuine but is actually malicious as it is hosted in Github  If you enter your details into the Sign in screen the  scammers behind the email then have access to your user IDand password.

Luckily our client found the phone number suspicious and asked us to review the email, prior to clicking on the links so fortunately did not get as far as entering their email and password.

Stay Savvy against Scams

This was a very sophisticated email scam, targeted at an estate agent and asking them to view images of a property the sender had to sell.  Even so there were clues that all was not right, and they clearly illustrate the kind of things you should be looking out for:

1.       Is the email address suspicious?  If you look carefully the original email was sent from brannywalsh@a0n.co.uk – whereas had it been genuine it would have been brannywalsh@aon.co.uk.

2.       Is the web URL what you would expect?  In this case, had you missed that the email address was suspicious and clicked on one of the attachments, the URL was not a Microsoft URL but instead “streamiing.github.io” (note misspelling of streaming!).

3.       Does the URL have https:// before it?  This is not a failsafe – in this case it did have https://, but if it had not, then this would have been another sign.

4.       What about the other information on the email?  Our client recognised that the phone number looked funny – in the UK you would have expected to see a ‘0’ before the phone number or perhaps +44.  Also look out for mis-spelt words or poor grammar which can also be a sign of a fraudulent email.

5.       Does the email ask for personal information? Even if the email looks like it comes from a big company, or a friend or member of your family, make sure you take a second look if it is asking you for personal information. This could including asking you to login to a well-known site via a link, so potentially gathering your email and password.

In summary, email scams are getting more and more sophisticated and we all need to be on our guard.  If you have any doubts at all you should never open an email or if you do open it by mistake, ensure you do not click on any links or download any files.

At Premieredge we can offer Cybersecurity training to your team, so if you would like to chat to us about that, or just bounce a suspicious email off us, then please get in touch by phone or by using our contact form.