Outlook Web Access Social Engineering Malware Scam
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered a new wave of malicious attacks claiming to be an update for Microsoft Outlook Web Access (OWA). Victims receive a message leading to a site to apply mailbox settings which were supposedly changed due to a "security upgrade." The especially dangerous thing about these messages is that they are very deceiving. The messages and attack pages are personalized for the To: email address to imply the message is being sent from tech support of the domain. The URL in the email looks like it leads to the company's own OWA system. We have seen upwards of 30,000 of these messages per hour and they have low AV detection.
Screen shot of malicious message:
The malicious site is also very believable. The victim's domain is used as a sub-domain to the site so that the attack site appears to be the victim's actual OWA site. The victim's domain name and email address are also used in a number of locations on the malicious site to make it that much more believable.
Screen shot of attack page:
Websense® Messaging and Websense Web Security customers are protected against this attack.