Scamwatch round-up – Telstra, Xero and MYOB

Scamwatch round-up – Telstra, Xero and MYOB

The latest round of phishing and malware attacks targeting Australian’s mailboxes

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, Telstra, Xero and MYOB were among the companies whose brands were hijacked by digital scammers.

Telstra's brand was tapped twice by online scammers, with two separate email scams purporting to be from the telco picked up this week by email filtering company Mailguard.

In the first instance, a fake bill notification email containing a link to what looked like a Telstra login page was being used to trick recipients into entering their login and credit card details, which were being collected by the cyber criminals.

According to the vendor, the domain used for the scam was registered in the United States on 12 May.

A second fake Telstra email was discovered; this time the message looked a lot like an actual Telstra bill.

In this instance, the view bill button directed recipients to a website that would install malware to a computer. The malicious domain used in this malware attack was "telstrabroadband[dot]com;" which according to Mailguard, has the appearance of a genuine Telstra URL but the domain had been created on 13 May via a registry in China.

So far this year, Mailguard has identified at least another three email scams purporting to be from Telstra.

Another popular choice for cyber criminals is cloud-based accounting software vendor Xero (ASX:XRO) who also had its brand used in at least three attacks this year, which took place again on 15 May.

The email contains a link to what looks like Microsoft login account and has the intention to phish the recipients' login details.

Accounting software vendor MYOB (ASX:MYO) was the next to have its brand used in a fake round of emails. MYOB also had its brand used in email scams at least twice before this year.

Mailguard did not specify what the perpetrator's intent with this scam, but said that the email contained malicious links.

The Australian Competition and Consumer Commission (ACCC) published the scam statistics for the month of April. Scamwatch received almost 12,000 reports of scams with phishing being the number one scam used.

Remote access scams and false billing followed in second and third place respectively.

Email is the second most common method of delivering scams, losing only to phone scams.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags scamcyber

Show Comments
View all events