ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, Aldi, Bunnings and Amcal had their brands impersonated in a phishing scam taking advantage of MailChimp compromised accounts.
This attack was picked up by email filtering company, MailGuard, on the evening of 14 November.
By using MailChimp compromised accounts, this scam can manage to bypass traditional email scanning software, according to MailGuard.
The emails were offering the chance to win up to $2,000 in gift cards in exchange for taking a survey. By clicking on the link provided, recipients were led to a phishing page to steal their credentials and to deliver adware.
A fake invoice scam email was also hitting Australian inboxes on 15 November. The generic email attack contained a link to a malware file disguised in a Word document.
The plain text format email contained spelling errors, which usually gives away its lack of authenticity.
The email contained a short message referring to the fake invoice and a clickable link. By clicking on the link, recipients were taken to a download screen with fake Microsoft Office branding and instructions on how to download and open the file, according to MailGuard.
The .doc file contains code designed to install malware on computers.
MailGuard noticed the emails contained several different sending addresses, more than 100 to be specific.
“Scammers use multiple sender and link address variants in messages like this to help hide their tracks and increase the success rate of their inbox infiltration,” MailGuard wrote in its blog.
A fake payment advice note pretending to be from Telecommunications provider Vocus was identified on 16 November.
The phishing message asks recipients to advise the payment status of the attached invoice. The link in the email took recipients to a fake Microsoft Office 365 login page where they were asked to enter their email and password twice.
They would be then directed to a screen saying their account had been verified. This screen misspelled ‘rnicosoft’.
“This phishing email is an attempt by cybercriminals to harvest MS Office 365 login credentials,” MailGuard wrote. “Once they have gained access to their victim's Office 365 accounts, criminals use them to send out yet more phishing emails.
"They also collect email address lists from the compromised accounts to compile spamming lists which can then be sold on the black market.”
Also, on 13 November, the Queensland Police was warning the community about the scam targeting PayPal customers.
This scam was first noticed on 9 November and was after recipients’ credit card details.