ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, Docusign, Commonwealth Bank, ANZ Bank and Microsoft's Office 365 were among the companies whose brands were hijacked by digital scammers.
A brand new fake Docusign email was picked up by Mailguard at the beginning of the week. According to the email filtering company, the fake email carried a .doc file containing hidden malware.
Mailguard had not identified the intention of the cyber criminals behind this particular scam.
Commonwealth Bank (CBA) also had its brand hijacked by cyber criminals this week. The message contained a link leading recipients to a fake CBA login page.
The objective of this scam was to gain access to recipients' login details.
CBA faced another challenge this week when it was revealed that the financial institution had misplaced two magnetic tapes containing customer statements and data including name, address and account numbers from almost 20 million customer accounts.
Another scam targeting bank customers was sent out on the same day, this time targeting ANZ Bank customers.
The scam follows the path of the CBA one: the message contains a link pointing recipients to a fake ANZ Bank login page, which aims to gain access to recipients' login details.
This scam went a bit further and took recipients to a second page requesting them to enter their security verification data.
On 2 May, Mailguard identified a scam purporting to be an Office 365 notification email, which was in fact trying to steal recipients' login details.
The email contained a link pointing recipients to a fake Office 365 login page.
The latest scam identified this week purported to be from the High Court of Australia.
The message contained a link which pointed to a malware file with the intent to infect recipients' computers. According to Mailguard, the message was being sent from a compromised Mailchimp account.
In early April, the first Notifiable Data Breaches (NDB) quarterly report, published by the Office of the Australian Information Commissioner (OAIC), revealed human error to be the main reason for the 63 data breaches reported.
As reported by sister publication Computerworld, a recent study by telecommunications vendor Verizon revealed that businesses are still falling behind when it comes to employee awareness training and patching vulnerabilities.
Email phishing test simulations are one of the options available to train staff. Applied on a monthly basis and followed by explanatory educational content, they could decrease the risk of employees clicking on a phishing link.
So far this year, Scamwatch, which is run by the Australian Competition and Consumer Commission (ACCC), has received 4,689 phishing scam reports resulting in a loss of $104,000.
The number one method of phishing is still over the phone; however, email follows as the second most common method.