0115 8 24 25 26 sales@pyranet.co.uk

An advanced Phishing email has been brought to our attention claiming to contain a mortgage offer from ‘Mortgage Advice’


We believe this kind of phishing email will be an effective one because of the format it is sent in. With many of us using the encrypted email feature within Outlook to send and receive messages containing important data – it appears that scammers are taking advantage of the fact that many people, especially those within businesses are making a conscious effort to be more cyber aware and send things in encrypted formats. However, as those of you who use this feature will know, when sending

So, what’s the deal with this particular so called ‘Mortgage Advice’ email? What does it look like and what will happen if I click on it?

  1. Firstly, of course, an E-mail comes into your inbox pretending it is an encrypted message using the typical format and instructions that Microsoft uses, which will read something as follows;


You’ve received an encrypted message

To view your message

Save and open the attachment (message.html), and follow the instructions.

Sign in using your email address:

Message encryption by Microsoft Office 365


This seems pretty believable on the surface, but after analysing this email, you will see that there a few red flags, if you look close enough at the very bottom of the email in the small print, it would appear that this small print is written in spanish – quite unusual! Also, despite the ‘from’ field saying Mortgage Advice the email address next to it looks like it could be a Spanish academic email address- again, unusual and another red flag!

2.  The attached file opens a login page, similar to Microsoft’s Office 365 encryption would (nothing really seems too suspicious yet, they’ve got the page looking pretty legitimate!):

3. The hackers in this case are sending your login details to the following site (http://woodrobot.com.au/toto/other.php) as shown in the code below taken from the attachment:

4. To make the attack even more convincing, after pressing sign in, you are redirected to another page which pretends to sign you out of Office 365 and asks you to close your browser. Leaving you confused as to what has just happened but at the same time, no major warning signs have stuck out that raise any concerns.

5. If you put in your genuine Office 365 username and password and you don’t utilise Two-Factor Authentication, we typically see people’s email accounts being breached and then the attackers escalate their threat from there by stealing identities, looking for financial details, resetting passwords for other accounts or sending e-mails from your account to others to try and catch more people out.


  • As we always stress, NEVER open zip files, attachments or click on links within the body of an email if you’re unsure about the authenticity of the sender.


  • NEVER reuse passwords across multiple sites/accounts


  • When clicking reply, notice what the email address next to the display name says


  • If you are unsure of what to do, ring the ‘sender’ to see if this is a genuine request.


  • If something doesn’t seem quite right, trust your instinct to follow it up before sending any money online.


  • For your business, we recommend using a SPAM email filtering service such as MailGuard to trap and quarantine these emails so they don’t find their way into your inbox. 


We offer cyber awareness training, simulated phishing email testing and other solutions to help with preventative measures against this kind of attack within your business, for more info

call 01158 24 25 26 or drop us an email – sales@pyranet.co.uk