ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, EnergyAustralia, Telstra and the Commonwealth Bank have had their brands used in malware attacks delivered via dodgy emails to Australian inboxes.
On 20 November, large volumes of fake emails were intercepted by email filtering company, MailGuard. An email designed to look like a bill notice from EnergyAustralia was one of the fake emails picked up by the company.
In this instance, the perpetrators registered the energyau[dot]com domain with the intent to convince recipients the email was legitimate.
According to MailGuard, the domain was created with a Chinese domain registrar on Monday.
“MailGuard first spotted this email attack mid-morning and since then we’ve detected tens-of-thousands of them being sent out,” the company wrote in a blog post.
On Tuesday, 21 November, another large-scale fake email attack was verified, this time with cybercriminals using Telstra’s brand.
According to MailGuard, this is well executed attempt, using a sophisticated HTML design utilising authentic looking graphical elements and layout.
Similar to the Energy Australia attack on the previous day, cybercriminals behind this registered the domain telstraq[dot]com on Sunday in China.
The sender display name, Telstra, on the email header, and the authentic looking sender address; telstraemailbill_noreply[at]online[dot]telstraq[dot]com, gives the message a “very convincing” appearance, according to MailGuard.
The most significant attack of the week also took place on Tuesday, 21 November, in a phishing scam targeting Commonwealth Bank (CBA) customers to give away their credit card details.
The fake email tells recipients that their data has been changed, asking that if changes were not made by them to click and complete security measures.
By clicking the link, recipients were taken to a fake CBA page asking for their personal details followed by a page requesting their credit card details.
CBA has told customers on its website that “it’s important to remember that we will never send you a message asking you to confirm, update or disclose your personal or banking information”.