ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, an e-ticket infringement email scam was being sent late morning on Tuesday, 17 October - the scam used compromised MailChimp accounts to spread a malicious .ZIP file.
Email filtering company, MailGuard, picked up the scam, which lasted for “several hours”. According to MailGuard, the tactic of using compromised MailChimp accounts is becoming more prevalent.
“Because the accounts are legitimate, it is difficult for anti-virus and email scanners to identify and block the initial email run,” MailGuard wrote in a blog post.
In one instance, the emails featured multiple variations of the same subject line, which refer to a fake infringement notice dated '10 November 2017', MailGuard wrote in a blog post. The majority of the recipients appeared to be accountants, who are presumably on a mailing list attached to the compromised account.
Another scam picked up by MailGuard once again involved the hijacking of MYOB’s brand. The emails contained fake invoices in what MailGuard called a “large-scale” attack.
This cyber attack also took place on Tuesday with a well-formatted HTML email, which was sent from different businesses with a link to a MYOB invoice. The fake invoices had 20 October as a due date.
Companies with a large number of customers, such as MYOB, are constantly being targeted by this sort of attacks.
The most recent scams took place in September. The first one took place on 19 September, with recipients being sent a supply order for signature, with a DocuSign link to a malicious .ZIP download. The email was sent from randomised names ‘via DocuSign’.
The second one, which was doing the rounds a week later, contained a fake invoice. That particular scam used the names of real ASX-listed companies with the display and sending addresses varying each time.