ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, Telstra and MYOB had their brands hijacked by scammers in separate email scams.
Another batch of emails containing fake Telstra bills was delivered to Australian inboxes this week.
An email under the subject “Arrival notification 1/22/2018” was being sent on Monday, 22 January, according to email filtering company, MailGuard.
The vendor said in a blog post that the messages were sent from a compromised MailChimp account.
“MailChimp accounts are often hijacked and misused by scammers because they are a simple and convenient way to anonymously target large numbers of email addresses.”
The email contains a “view bill” link which leads recipients to a downloadable file.
On 24 January was MYOB’s turn to have its brand hijacked once more.
The message designed to like an invoice email from ESIB Pty Ltd, powered by MYOB’s accounting software.
Similar scams have several times before used MYOB’s logo and email design to deceive recipients. On 12 December 2017, a similar scam was revealed.
Under the subject ‘Invoice INV-04085 from DXJ Company’ the message advised the recipients that they had an outstanding invoice requiring payment.
In a different scam earlier this week, the Queensland Police was warning citizens to be vigilant when shopping online. According to the department, scammers were attempting to use disguised and fake payment sites in a bid to lure unsuspecting victims.
This particular warning was directed at people shopping for cars. Queensland Police said that scammers will often steal vehicle details from legitimate advertisements then change the price and contact details and repost the vehicle for sale.
“The unsuspecting buyer is talked into making payment without even seeing the vehicle or sent links to fake phishing sites to make payments,” the announcement said.
A man has lost money to one of these scams according to the department. He had attempted to purchase an advertised interstate vehicle. He was sent a link to a fake phishing site to hold his payment. The site looked legitimate however the name had a different spelling to the legitimate website.