ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, the Australian Securities and Investments Commission (ASIC) and Suncorp Bank have fallen victim to brand-jacking.
A fake notification purporting to come from Suncorp Bank was sent on Monday, 29 January.
The email with the subject “the wire transfer can not be processed” was detected by email filtering company, MailGuard.
The messages were sent from the address: issupport[at]australiantenders[dot]com, which has no connection to Suncorp Bank.
On 30 January, ASIC issued a scam alert letting customers know of a scam using its name to contact registry customers.
With the subject “renewal”, the fake email asked recipients in the first line of the message to check information regarding the renewal of “your” company.
The fake email had asic.transaction.no-reply[at]mtfaustralia[dot]com[dot]au as the sender address. The message contained what looked like a legitimate address for ASIC’s “ask a question” page.
Scams using ASIC’s brand usually have the intent to infect recipients’ computers with malware.
According to data collected by the Australian Competition and Consumer Commission’s (ACCC) ScamWatch, 4,397 ransomware and malware scams were reported in 2017 with financial losses of $214,000.
The numbers from 2017 were lower than those from 2016. ACCC received 6,210 reports in 2016, 1,813 more than in 2017. The total loss for 2016 amounted to $241,000.
However, the numbers were not down for all kinds of scams, with phishing having cost Australians $655,000 in 2017 against $373,000 the year before.
A report published this week by security vendor, Sophos, revealed that nearly half of Australian businesses (48 per cent) were targeted by ransomware exploit attempts during 2017. The security vendor surveyed 200 Australian IT decision makers from mid-sized businesses.