New Microsoft Phishing Attack

Any fisher knows that success relies on using the right bait. Ask email phishers and they’ll tell you the same thing. The most recent phishing bait du jour? It’s an email that appears to be offering free software from Microsoft.

The new phishing attack

We first saw it mentioned in the SpiceWorks forum. The email begins…

“Congratulations on your newly accepted Open License with Microsoft, ending in 92104. You have been assigned Administrator permissions on the Microsoft Volume Licensing Service Center (VLSC) site.”

Great! Free stuff, right? Wrong. The email goes on to prompt the user to click a link. The link leads to a page with a registration form that looks identical to a Microsoft page, but the page isn’t actually published by Microsoft. Instead, when someone fills out the form, the information is sent to the Russian hackers who sent out the phishing email.

The hackers did two things that make this email a little extra devious.

  • First, the other links in the email are reported to be legitimate. They all go to actual Microsoft pages.
  • Secondly, and this is really sneaky, the user who reported the email said that in Outlook 2013, when he hovered his cursor over the link, its URL didn’t appear. Hovering is usually a good way to identify a phishing email: if the destination URL isn’t the same as what the text says, you should probably stay clear.
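The hover check described above can also be run outside the mail client, which helps when the client does not display the URL. The following is an added example, not part of the original post: it lists the real target host of every link in an HTML email body and flags links whose visible text shows a different host. The sample HTML and every URL in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modeled on the email described above; every URL is made up.
SAMPLE_HTML = """
<p><a href="https://www.microsoft.com/licensing/">Volume Licensing home</a></p>
<p><a href="http://vlsc-register.example.net/form">https://www.microsoft.com/licensing/servicecenter</a></p>
<p><a href="https://www.microsoft.com/">www.microsoft.com</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def audit_links(html):
    """Return (visible text, real target host, verdict) for each link."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        target = host_of(href)
        shown = re.search(r"(?:https?://|www\.)\S+", text, re.IGNORECASE)
        if shown is None:
            verdict = "text-only"   # no URL in the text; reviewer judges the host
        elif host_of(shown.group(0).rstrip(".,;)")) == target:
            verdict = "match"
        else:
            verdict = "mismatch"    # text advertises one host, href goes to another
        results.append((text, target, verdict))
    return results

if __name__ == "__main__":
    print(*audit_links(SAMPLE_HTML), sep="\n")
```

Because the other links in such an email can be legitimate, the check has to be made per link; a single mismatch is enough to treat the message as suspect.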

With hackers getting more advanced and finding new and creative ways to get your users to click on their phishing emails, how can you stop your system from getting infected?

Stop phishing before the line is cast

If you wanted to protect fish from fishers, what would you do? You’d stop the fishers from getting their bait in the water. Put the right bait in front of the right fish, and sooner or later one will bite. If you want to stop phishers from “catching” someone in your company, you need to stop their emails from landing in your inboxes. Otherwise, it’s only a matter of time until someone clicks a link they shouldn’t.

But everyone knows that. The real trick is how you do that. Back to our analogy: If you stopped the fish from getting their real food, it wouldn’t matter that they aren’t biting on the fishers’ bait, because the fish would starve. You have to make sure the good stuff gets in too.

This is the part that most email security providers forget. Their response to a phishing email like the one described in this post is to crank up the sensitivity of their email filters to stop the phishing emails from getting into inboxes. While that will probably catch more malicious emails, it will also probably accidentally stop some legitimate emails, too. That’s because the content filtering methods used by most email security providers don’t pay enough attention to a critical piece of information: who sent the email.

Contact filtering considers who the email is coming from in addition to what the email says in order to filter out spam, while making sure you never miss an important email. To learn how Sendio employs contact filtering to protect inboxes from phishing and other malicious emails while still letting all legitimate emails in, call (949) 274-4375 or fill out this form to schedule a demo.