Scamwatch round-up - AFP, Dropbox and Telstra
- 17 October, 2017 07:15
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, the Australian Competition and Consumer Commission (ACCC) warned the local online community to watch out for a fresh round of online scams.
The warnings came in the midst of the government's Stay Smart Online Week campaign, which rolled out last week.
According to the ACCC, Scamwatch has received more than 51,000 reports of scammers, and online scam losses have totalled nearly $37 million so far in 2017, with people aged 45 to 54 most likely to lose money.
During the last seven days, fake email scams impersonated Dropbox, MailChimp, Telstra, the Australian Federal Police (AFP) and Revenue NSW.
According to email filtering company MailGuard, the perpetrators used accented letters to avoid detection, with the email containing a link to a fake Office 365 site asking for recipients’ personal information. The link then redirects to a malicious PDF file.
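A filter can counter the accented-letter trick by folding accents away before matching brand names. The sketch below is an added example, not MailGuard's method: the brand list is taken from this article, and the sample messages and function names are constructed for illustration.

```python
import unicodedata

# Brands named in this article; extend the tuple for your own environment.
BRANDS = ("dropbox", "mailchimp", "telstra", "office 365")

def fold(text: str) -> str:
    """Lower-case text and strip accents.

    NFKD splits an accented letter into base letter + combining mark,
    so dropping the combining marks leaves the plain letter behind.
    """
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.casefold()

def disguised_brands(text: str) -> list[str]:
    """Brands that show up more often after folding than in the raw text,
    meaning at least one occurrence was spelled with accented letters."""
    raw, folded = text.casefold(), fold(text)
    return [b for b in BRANDS if folded.count(b) > raw.count(b)]

def scan(messages: list[tuple[str, str]]) -> dict[int, list[str]]:
    """Check display name and subject of each message; return only the hits."""
    hits = {}
    for i, (display_name, subject) in enumerate(messages):
        found = disguised_brands(display_name + "\n" + subject)
        if found:
            hits[i] = found
    return hits

# Constructed sample messages: (display name, subject).
SAMPLES = [
    ("Dr\u00f3pbox Notifications", "Your shared file is ready"),  # o-acute
    ("Telstra", "Your T\u00eblstr\u00e0 bill is available"),      # e-diaeresis, a-grave
    ("Dropbox", "Someone shared a folder with you"),              # clean spelling
]

if __name__ == "__main__":
    for index, brands in scan(SAMPLES).items():
        print(f"message {index}: accented spelling of {', '.join(brands)}")
```

Accent folding only covers letters that decompose under NFKD; look-alike characters from other scripts, such as Cyrillic, need a separate confusables mapping.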
Furthermore, Dropbox proved a favourite of cyber crime networks due to the large number of users globally who use the service, according to MailGuard.
In late August, MailGuard CEO Craig McDonald revealed via Twitter that the company was blocking a wave of scam phishing emails using Dropbox’s brand.
In one instance, the emails featured multiple variations of the same subject line, each referring to a fake infringement notice dated '10 November 2017', MailGuard wrote in a blog post. The majority of the recipients appeared to be accountants, who are presumably on a mailing list attached to the compromised account.
The email contains a display name that matches a director of the firm having its brand hijacked.
A Telstra customer picked up a fake Telstra email on 9 October. The email asked recipients to click on a link to view the message as it contained “confidential information”.
Telstra replied to the user saying that was definitely a scam.
Revenue NSW, formerly known as the State Revenue and State Debt Recovery, was also targeted last week. The government organisation also used Twitter to let customers know of the scam.
Nice @Telstra phishing email doing the rounds this afternoon pic.twitter.com/NeXJfW9Bax
— Daniel Streefkerk (@dstreefkerk) October 9, 2017
According to the message, the scam was conducted via both email and phone. Revenue NSW warned customers not to open attachments or click links or images, and to delete it straight away.
The AFP was also targeted, according to an announcement on the Australian Government Stay Smart Online page.
The emails contained the subject ‘Your info about violation is now public’. The emails were not personally addressed and contained no details of a person’s plate or offence, and the fine included cents, which according to the announcement are clear indicators of a scam.
According to the announcement, there have been numerous similar scam emails in circulation over recent weeks with variations on the ‘notice’ theme.
“If the ‘notice’ is downloaded onto your computer, it may install financial Trojan malware that can steal your banking credentials and empty your account,” Stay Smart Online wrote.