ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, the Australian Securities and Investments Commission (ASIC) and the Australian Taxation Office (ATO) warned customers of ongoing scams trying to attain money or personal information.
Australians were warned about scammers contacting registry customers via email purporting to be from ASIC. The emails asked recipients to pay fees and give personal information to renew their business or company name threatening cancellation.
An email is probably a scam and is not from ASIC if it asks recipients to make a payment over the phone, to make a payment to receive a refund, and for credit card or bank details directly by email or phone, ASIC warned.
An invoice notification email purporting to be from wedding photography company, Corral Photography, was being send on 13 March.
According to email filtering company, Mailguard, the view invoice link within the message directed recipients to a file containing malware.
The emails were sent from a compromised MailChimp account that uses the URL corralphotography.com.au, which, according to Mailguard, suggests that the MailChimp account in case might belong to Corral Photography.
The company used Twitter to inform customers about the issue. "I have just received numerous calls about bogus invoice spam that seemed to come from me. Please ignore and delete. Apologies for anyone receiving it," it wrote.
The ATO Assistant Commissioner, Kath Anderson, revealed that more than $50,000 had been paid in Bitcoin to scammers.
“Cryptocurrency operates in a virtual world, and once the scammers receive payment, it’s virtually impossible to get it back,” Anderson said.
“Scammers are constantly adapting their methods to maximise their chances of picking your pocket. Unfortunately it was inevitable that scammers would target cryptocurrency given its current popularity and anonymity.”
The ATO's brand is often used in scams either online or over the phone.
“In 2017, the ATO received over 80,000 reports of scams, with taxpayers reporting almost $2.4 million lost to scammers claiming to be from the ATO,” Anderson said.
“Over $900,000 worth of iTunes gift cards were reportedly paid to scammers – by almost one third of all victims.
“Even more concerning at the moment is that more than half of all losses are a result of scammers convincing taxpayers to make deposits or transfers directly into third-party bank accounts. Roughly $1.2 million was reported lost in this way in 2017.”