Watch Out for the 'Fix Incoming Email Issues' Email Aimed at Outlook Users
Unfortunately, emails that try to trick you into giving away your login credentials have become so common, that they are now a part of our everyday online existence. Most of these campaigns are not incredibly sophisticated and primarily target inexperienced, click-happy users who are too distracted to notice the glaring red flags. Every now and again, however, we see a phishing attack that is aimed at people who know their way around the computer keyboard. In fact, the phishers recently tried to fool researchers from Sophos, and the experts were so impressed with the level of sophistication demonstrated during the attack that they decided to dedicate a blog post to it.
A highly targeted, sophisticated phishing campaign
When Sophos' researchers found the phishing email in their inbox, they noticed that their own email address was present in the "Sender" field. This seemed odd at first, but after they saw that the message appeared to be automatically generated, the experts thought that it might make sense.
The email concerned the researchers' Outlook account and said that multiple incoming messages had been "rejected" by the server. They were even told when the failed deliveries started. To fix the issues, the email said, they needed to visit the OWA (Outlook Web app) portal provided by Sophos, a link to which was handily available at the bottom of the message. The link led to a convincing-looking page that requested the researchers' email login credentials.
The wording was a bit awkward in places, but there were no obvious grammatical mistakes that could have given the scam away. All in all, the phishers had sent an email that could have fooled even experienced users that knew about the dangers of phishing. Fortunately, with Sophos' researchers, they picked the wrong target.
No, there are no problems with the incoming messages
As believable as it seems at first glance, it's not impossible to avoid falling victim to the scam. It may look like the email is automatically generated, for example, but a peek in the message's header reveals that it was sent by an outside address. Needless to say, most users don't know how to examine an email's header, but as we mentioned already, this attack is not aimed at most users. What's more, you don't have to be a computer expert to know that web links don't necessarily lead you where you think they do.
The scammers were clever not only with the relatively believable story about the undelivered messages but also with the disguising of their phishing link. The link looks like a URL, and in the Sophos researchers' email, it was designed to make them believe that it's going to lead them to their employer's OWA page. By hovering their mouse cursor over the link, however, the researcher saw that it's about to redirect them to a malicious page hosted on Microsoft Azure.
In other words, all the hard work the phishers put into their highly targeted and sophisticated attack can be undone simply by moving the mouse a couple of inches. Being a bit more suspicious of what you find in your inbox and using two-factor authentication wherever possible can also help.