Scamwatch round-up – Apple, Xero, Go Via and more

Scamwatch round-up – Apple, Xero, Go Via and more

Examining the latest round of brand-jacking scams targeting Australians' inboxes

Credit: Dreamstime

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, Apple, Xero and Go Via were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients.

On 19 March, email filtering and security company, MailGuard, said in a blog post that it had spotted a phishing scam using Apple branding and employing a “well made” fake Apple login screen.

According to MailGuard, the fake Apple website is hosted at, with the design of the page quite convincing.

If the recipient of the dodgy fake Apple email picked up by MailGuard clicks on the link in the message, they are taken to the fake login page where their credential data would be harvested.

MailGuard said its analysis of the phishing campaign suggests that the messages were sent from the email domain ‘@applemail(dot)email’ which is hosted with Google mail, meaning it can pass certain authentication tests and, as such, is likely to penetrate multiple inboxes.

An example of the fake Apple-branded page (Source: MailGuard)
An example of the fake Apple-branded page (Source: MailGuard)

On 22 March, MailGuard revealed it had spotted another wave of dodgy emails exploiting the brand of cloud accounting provider, Xero. MailGuard flagged an earlier wave of Xero-branded phishing emails as recently as February.

The latest wave of fake Xero-branded emails are meant to look like invoice notifications sent through the Xero accounting platform, MailGuard said in a blog post.

“The criminals who are operating this scam appear to have registered four new domains: xerocentral[dot]com, xero-fx[dot]com, xerogroup[dot]org and xeromobile[dot]net with a Chinese registrar yesterday [21 March],” MailGuard said in its blog post.

MailGuard warned that the individual messages sent out in the latest phishing campaign bear real business names, with the names used in the ‘subject’ fields of the email messages.

The objective of this email is to get the recipient to click on a link that will direct them to a hidden JavaScript malware file.

Just a day earlier, MailGuard said it had detected an email scam impersonating Queensland eToll operator Go Via involving messages designed to look like a real Go Via statement notification, with logo branding.

“This scam is being sent from multiple email accounts,” MailGuard said in a blog post. “The message contains malicious links that point to compromised websites intended to harvest the personal data of victims.”

The phishing campaigns picked up by MailGuard in the past week came as Consumer Affairs Victoria warned that it had received a number of reports of a possible hacking scam targeting certain industries, including real estate agents and builders.

“In most instances, a client received an email from the business they were dealing with, which included details of an account to make a payment to,” Consumer Affairs Victoria said in a statement.

“Shortly afterwards, they received a second communication from the same email address, telling them that the business had just updated their account details, and to pay into a new account,” it said.

Consumer Affairs Victoria said it strongly encourages consumers and businesses to regularly review and secure their online systems to avoid such scams.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Applemailguardxero

Show Comments