ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
Late last week, a fake St. George Bank alert was picked up in what seemed like an attempt to collect personal identification information from recipients.
Email filtering company, MailGuard, who revealed the scam, said the email asked recipients to click on a link to a fake St. George Bank login page.
By telling recipients that their bank account had been terminated, scammers urged recipients to click on the link.
Unlike the email, which counted only with a sentence and a link and no logos, the fake login page was more convincing.
According to MailGuard the fake login screens asked for card number, security number, internet password, date of birth, driver’s licence number and Medicare number.
The week started with a fake MYOB invoice notification purporting to be from craft breweries deals company, Craftedeals.
“The displayed sender email address is firstname.lastname@example.org - which is the real compromised company email account of Craftedeals,” MailGuard wrote in a blog post.
It appeared that Craftedeals email account was being exploited to send out the malicious messages without the company's consent, according to MailGuard.
“Well, we survived our first cyber scam. We are pleased to say that the details of our database were not compromised in any way. Things are back to normal and it is business as usual,” the company alerted customers via its Facebook page.
On the same day, a fake Westpac Bank email was picked up by MailGuard in a scam similar to the St. George Bank one, in how it intended to collect recipients’ personal information.
The massage also contained a link to a page that asked for login details.
“The criminals who set up this scam have linked the phishing page to the compromised domain ‘westpac.co.kr’ to try and make it look more convincing,” MailGuard wrote.
On 13 February, two types of fake Quickbooks notification were doing the rounds, one acting to be from “We cart online solution”, which appears to be a company established in India in 2016, and another purporting to be from financial services company Proacct Wealth Solutions.
The first scam wanted recipients to click on a link within the message that took them to an archived file containing malware, according to MailGuard.
“The fact that this scam is so superficially similar to the one MailGuard intercepted earlier could indicate that the two attacks have been released by the same criminals, but because there are significant differences in the way the scams work, that is not necessarily the case,” the vendor wrote.
“Malware-as-a-service (MaaS) is a fast-growing phenomenon in the cybercrime world so it’s quite likely that these two emails are actually the work of different scammers using the same off-the-shelf malware package, bought from an underground vendor and then adapted for their own specific purposes.”