ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, ASIC, Telstra and Origin Energy were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients.
On 9 April, email filtering company, Mailguard, picked up a fake Telstra Media Bpay billing message under the subject "new direct debit 747 payment to Telstra Media".
The message contained a link suggesting access to the payment invoice, however, Mailguard warned that the link is actually pointing to a zipped malware file.
Telstra's name is often exploited in brand-jacking schemes given its popularity and brand recognition. So far in 2018, Mailguard picked up at least two other scams using Telstra's brand.
The first in January, when scammers sent fake Telstra bills to Australians' inboxes. And a second one in March, which tried to make recipients believe they were receiving a wire transfer receipt when it was actually a PDF attachment carrying malicious code.
A couple of days later, the Australian Securities and Investments Commission (ASIC) was once again warning users of a scam.
According to ASIC, scammers were contacting Registry customers asking them to pay fees and give personal information to renew their business or company name.
The messages had a link to an invoice that contained fake payment details or downloaded malware into recipients' computers.
A fake Origin Energy electricity invoice was also picked up by Mailguard on 12 April.
The message contained a "view bill" link which, according to Mailguard, was a .doc file containing hidden malware.
Origin is another well-known brand that is often exploited by scammers, only two weeks ago Mailguard had identified another similar scam using the brand.