Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:

Foiling new email phishing scams

Post a Fraud Alert:

Asia’s prominent role in the global market and rapid digitalization have turned the region into a cybercrime hotbed.

According to AT Kearney, the top 1,000 companies in South-east Asia potentially stand to lose US$750 billion in market capitalization from cyber attacks, most of which originate from phishing emails.

Today, new and increasingly sophisticated phishing methods render businesses across Asia vulnerable to data breaches and malware infiltration.

In Singapore, phishing is considered a primary cyber-threat vector, with 42% of Singapore-based businesses reporting phishing incidents and the Singapore police recently warning the public against phishing emails purportedly from DBS Bank and Singapore Airlines.

There have also recently been reports of phishing attacks targeting Microsoft Office 365 users through deceptive emails bearing realistic Microsoft design and layout.

These phishing emails, ostensibly from Microsoft, instruct recipients to update their Microsoft Office 365 account information to avoid suspension of service and contain a link directing users to a website resembling the Microsoft website with deceptive accuracy. 

Recent Microsoft Office phishing emails make a credible impression by requesting users to enter their passwords twice, simulating the password verification process. These fraudulent emails mimic the Microsoft Office 365 messaging with believable language, a plausible-sounding sender address and authentic Microsoft logos, fonts and colors.

Unsuspecting victims successfully lured into providing their login details are unknowingly opening their Microsoft Office 365 accounts to online fraudsters, who then have access to all data and documents contained in their respective user accounts.

Given the prevalence and increasing sophistication of recent email phishing scams, users have to be vigilant and wary of links contained in emails, even if they sound believable and legitimate. Users would be well-advised to verify the true destinations of the links contained in such emails.

One of the hallmarks of a fake website is the presence of incorrect suffixes in the URL. Users can easily determine website authenticity by searching for the encryption symbol in the browser address bar. When in doubt, it is advisable for users to simply key the web address manually into the browser and log into the customer area of the website before entering their personal information.

Article source: