Scamwatch round-up - MyGov, Telstra, Officeworks and CommBank

Scamwatch round-up - MyGov, Telstra, Officeworks and CommBank

This week's phishing scams and malware attacks hitting Australians' inboxes

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, the Australian Government page Stay Smart Online was warning tax payers of a common scam at this time of the year.

A fake MyGov tax refund email had a convincing MyGov logo and was being sent with the subject “important information regarding your account”.

The Australian Government informed that this was however a phishing scam, designed to steal recipients personal and financial details - the email asked recipients to click on a link to claim the refund, however it led to a fake tax refund claim form.

After recipients entered all the information they would then be redirected to the real MyGov website.

“Remember: the ATO and myGov will NEVER send an email or SMS asking you to click on a link and provide login, personal or financial information, download a file or open an attachment," a statement read.

Credit: MyGov

On 30 July, email filtering company Mailguard identified a phishing scam using Telstra’s brand - recipients would be taken to a fake Telstra login page designed to collect personal and access information.

Two scams were also picked up by Mailguard on 2 July, one purporting to be from the Commonwealth Bank and another from Officeworks.

In the Commonwealth Bank instance, cyber criminals used links to phish recipients credentials, while the Officeworks instance was different as it would download malware into the recipients computer.

The scams come days after global online forum Reddit revealed a hacker broke into a few of its systems accessing user data between 14-18 June.

According to an announcement issued on 2 August, current email addresses and a 2007 database back-up containing old salted and hashed passwords have been accessed.

“On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers,” according to Reddit.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarephishingscam

Brand Post

Show Comments