Scamwatch round-up – Microsoft Dynamics, Xero, ATO and Australia Post

Scamwatch round-up – Microsoft Dynamics, Xero, ATO and Australia Post

Examining the latest round of brand-jacking scams targeting Australians' mailboxes

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

Late last week, a phishing scam purporting to be an invoice notification from Microsoft Dynamics was being sent out to Australians' inboxes.

Email filtering company, MailGuard, which detected the phishing scam, said in a blog post that this particular scam was not well designed, but given that Microsoft is such a well-known brand, this would still attract people to click.

A link contained in the message invites recipients to click in order to view the documents. The link takes recipients to a phishing site designed to collect Microsoft login credentials.

Screenshot (MailGuard)
Screenshot (MailGuard)

On 19 February, a brand-jacking scam targeting Xero users was also picked up by MailGuard. Again, the message is designed to look like an invoice notification from the accounting software firm.

The emails were sent from subscription(dot)notifications(at), a domain created a day before the scam through a domain registrar in China.

The message contains a “view your bill” link, which directs recipients to a Microsoft Word document on a compromised website that contains malware in macro code, according to MailGuard.

“In order to try and outwit scam filters, the criminals behind this attack have used hundreds of link variants that point to documents hosted in different locations,” MailGuard wrote.

As most companies with a large number of customers, Xero’s brand is constantly used in email scams with the most recently reported taking place in January 2018December and September 2017.

Screenshot (MailGuard)
Screenshot (MailGuard)

On Wednesday, the Australian Taxation Office (ATO) took to Twitter to warn people of a fake email that was sent a day before under the subject “ATO refund notification”.

The ATO scam alert page warned that the fake ATO emails asking recipients to complete a 'tax refund form' to receive a refund. The form asks for online banking credentials, credit card numbers and limits, and personal address information, the ATO wrote.

“Do not click nor save the attachment as it may download malicious malware onto your computer. Do not disclose the personal information the form is requesting.”

The ATO informed that it does not have an online tax refund form and all online management of tax affairs should be carried out via a myGov account.

The Queensland Police issued a warning on 22 February about a scam masquerading as an Australia Post email. According to the statement, the email contains details of purchase and seeks to organise arrangements for delivery.

The email contains malware that can be loaded onto one’s computer.

Screenshot (Queensland Police)
Screenshot (Queensland Police)

Follow Us

Join the newsletter!

Error: Please check your email address.

Tags xeroMicrosoft DynamicsSCAMwatchATO and Australia Post

Show Comments