Scam of the week
To kick off our scam of the week series I’m going to start with a scam email that was delivered to me this morning. Let’s start by taking a look at the message as it appeared in my inbox.
Looking at the subject line I see that the email appears to be from Australiawideit Support – it’s apparent that the sender has generated this subject line based on our email domain of australiawideit.com.au.
This message has an attachment that looks kind of like a voicemail message and the message content backs that up.
Now let’s take a look at some of the strategies that this message uses to try to convince the reader that it is legitimate:
- The subject line contains our domain name
- They have embedded the Microsoft logo – presumably to try and convince the reader that the message originates from Microsoft
- The email is addressed to me, using my proper first name
- There are no major grammatical problems
- The footer of the email where it says “This email was sent to ada***@australiawideit.com.au” is a common feature of legitimate emails sent by automated systems
So how can we tell that this is a scam?
- The first and most important piece of information is that we do not have any kind of voicemail system set up with Microsoft. In our case we do actually have an email to voicemail system but the messages which that system produces look nothing like this.
- The next big clue is the attachment. This attachment ends with .htm which is the same format that web sites use to display pages. If it were a real voicemail I’d expect the file to be a .wav, .mp3 or some other familiar audio format.
- The message says I missed a call from +61 (835) 835-3088. The +61 at the start is the international prefix for Australia but the rest of the number formatting is not consistent with an Australian phone number.
- The message sign-off says “Regards, Australiawideit Admin” – clearly an auto generated piece of text; the same goes for the “Organization: Australiawideit”. I’m willing to give a pass to the American spelling of ‘Organization’ given that they are trying to convince me this message is from Microsoft, an American company.
Certainly any one of these clues is enough for me to know that this message is a scam.
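The clues above can be checked automatically at a mail gateway or in a triage script. The following is an added example, not part of the original post: it parses a constructed message modelled on the one described here and reports the sender-name, attachment-type and phone-number clues. The addresses, the file name `voicemail.htm` and the function name `phishing_clues` are assumptions, and the phone check is a heuristic covering only Australian geographic and mobile numbers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

HTML_EXT = (".htm", ".html", ".xhtml")

# Constructed sample modelled on the message described above; the addresses
# and file name are placeholders, not values from the real email.
SAMPLE = """\
From: Australiawideit Support <noreply@example.net>
To: user@australiawideit.com.au
Subject: Australiawideit Support: new voicemail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You missed a call from +61 (835) 835-3088.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="voicemail.htm"

<html></html>
--b1--
"""

def phishing_clues(raw):
    msg = message_from_string(raw)
    clues, body = [], ""
    display, sender = parseaddr(msg.get("From", ""))
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    # Clue: display name built from the recipient's own domain label,
    # but the mail comes from a different domain.
    org = rcpt_domain.split(".")[0]
    if org and org in display.lower() and not sender.lower().endswith("@" + rcpt_domain):
        clues.append("display-name-from-recipient-domain")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(HTML_EXT):
            # Clue: a "voicemail" delivered as a web page, not an audio file.
            clues.append("html-attachment:" + name)
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    # Clue: +61 geographic/mobile numbers have 9 digits after the country code.
    for num in re.findall(r"\+61[\d ()\-]+", body):
        national = re.sub(r"\D", "", num)[2:]
        if national[:1] in ("2", "3", "4", "7", "8") and len(national) != 9:
            clues.append("malformed-au-number:" + num.strip())
    return clues
```
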
What are the scammers trying to achieve?
I am writing this paragraph before I have taken a look at the message attachment and I’m going to make a prediction. When I do eventually open the attachment I think I’m going to be presented with a web page that encourages me to login to something that looks like my Office 365 account thereby providing the scammers with my real Office 365 username and password. Let’s see what happens….
WARNING: NEVER OPEN AN EMAIL ATTACHMENT IF YOU DON’T KNOW EXACTLY WHAT IT IS.
This is what I see when I open the attachment:
I like this, it’s pretty cool and not one that I’ve seen before. What you can’t see from this screenshot is that the little green progress bar is moving to suggest that my voicemail message is being downloaded and in the background it is trying to download and play a real audio file. The audio file that it links to is not working so I don’t know what might have been in it. After about 5-10 seconds my browser window automatically refreshed and then I saw this web page:
Ahh, this is what I was expecting – a web site that looks like an exact replica of the real Office 365 sign-in page. They’ve even gone to the effort of pre-filling the username for me just like the real thing. Just for shits and giggles let’s see what happens if I keep going.
There’s not a chance I am going to give them my real email address so I’ve changed it to a made up one. As soon as I click the ‘Next’ button I am presented with the familiar password prompt:
After entering a junk password the window below appears. I don’t know what would happen if I entered a real user name and password and I’m not willing to sacrifice one to find out but my guess is that the site would continue displaying the ‘incorrect password’ dialogue box in the hopes that I would just keep entering a bunch of different passwords for them to exploit.
What is the point?
This is the number one question I am asked, why are the scammers doing this? What could they possibly want my email address and password for?
The answer is pretty simple: money.
Every time someone falls for this scam the usernames and passwords that they provided to the scammers end up on a list which goes up for sale to the highest bidder. Each username and password combo on its own is probably only worth a few cents, maybe not even that, but if you have a big list with millions of compromised usernames and passwords the money that can be made from this can be significant.
I hope you have enjoyed this scam dissection and learned something from it. Feel free to leave a comment or suggestions for a future post below.