Scamwatch round-up – Netflix, ASIC and PayPal
- 10 November, 2017 11:30
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
Streaming giant Netflix had its brand used in a malicious round of emails hitting Australian inboxes on Friday last week.
The attack however continued throughout this week, with the Queensland Police issuing a scam alert on Tuesday.
The email tells recipients their billing information needs to be updated and they must “restart membership”.
Email filtering company MailGuard picked up the first stream of emails on Friday and said this was a relatively well-designed scam email.
“The scammers are using a template system to generate individualised messages with specific recipient data,” MailGuard wrote in a blog post.
After clicking on the restart membership link, the user is taken to a fake Netflix website that asks for login details, followed by personal details.
According to MailGuard, the fake Netflix site this scam is using is built on a compromised WordPress blog. Scammers can break into WordPress sites by exploiting vulnerabilities in blog plugins.
The Australian Securities and Investments Commission (ASIC) has also warned of yet another scam targeting Registry customers. The fake email pretends to be from ASIC and was sent with the subject “Renewal”.
The emails were sent on 8 November asking recipients to renew their registration by credit card or by clicking on the “pay now” link.
ASIC warned customers the same day on its website that these emails often carry a link that either provides an invoice with fake payment details or infects the computer with malware when clicked.
You can notify ASIC of a potential scam email by forwarding the message to ReportASICEmailFraud@asic.gov.au.
ASIC was most recently targeted with the same scam in early October. ASIC does not ask customers via email to make a payment over the phone, to make a payment to receive a refund or for a person’s credit card or bank details directly by email or phone.
Phishing emails get a 13 per cent click rate in Australia, according to Sophos Labs, whereas email marketing campaigns from well-known brands achieve a three per cent click rate.
A fake PayPal email seeking recipients’ credit card details was doing the rounds on Thursday 9 November.
With the subject ‘Your PayPal account has been limited,’ the email was designed to look like an admin email from PayPal, according to MailGuard.
The email tells recipients that their PayPal accounts have been temporarily limited and asks them to log in to fix the problem.
Clicking the link provided takes the recipient to a fake login page.
“Once the victim has been tricked into entering their login details, the scam website directs them to a page where they are asked to ‘update’ their personal information, including their full name, DOB, address and phone number,” MailGuard wrote.
The fake page then asks for the person’s credit card information. After all the information has been entered, the user is finally redirected to the real PayPal site.
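The three campaigns above share the same shape: a trusted brand name in the sender display name and subject, an urgency lure (“restart membership”, “Renewal”, “account has been limited”, “pay now”), and a link that lands on a host the brand does not own, in the Netflix case a compromised WordPress blog. The following Python script is an added example, not code from ARN, MailGuard, ASIC or any of the brands named, that checks an email for exactly those indicators. The brand-to-domain table is an assumption for illustration (netflix.com and paypal.com are the brands' real domains; asic.gov.au is the domain used in ASIC's reporting address above), and both sample messages are constructed, with example.org standing in for a compromised blog.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of domains each brand legitimately sends from and links to.
# A production filter would load a maintained list; this is illustration only.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
    "paypal": {"paypal.com"},
    "asic": {"asic.gov.au"},
}

# Lure phrases taken from the campaigns described in the article.
LURE_PHRASES = ("restart membership", "renewal", "account has been limited", "pay now")

# Extract href targets from an HTML body (good enough for single-part text/html mail).
LINK_RE = re.compile(r'href=["\']?(https?://[^"\'\s>]+)', re.IGNORECASE)


def belongs_to(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(raw_email):
    """Return the brand being impersonated (if any), a list of findings,
    and whether the message should be treated as suspicious."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    # Assumes a single-part message; multipart mail would need each part walked.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{display_name} {subject} {body}".lower()

    # Which brand does the mail claim to be from? Word boundaries avoid "basic" matching "asic".
    brand = next((b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text)), None)
    findings = []

    if brand:
        allowed = BRAND_DOMAINS[brand]
        # Indicator 1: the envelope sender is not on the brand's infrastructure.
        if not belongs_to(sender_domain, allowed):
            findings.append(f"sender domain {sender_domain} does not belong to {brand}")
        # Indicator 2: a link points somewhere the brand does not own (e.g. a hijacked blog).
        for url in LINK_RE.findall(body):
            host = urlparse(url).hostname or ""
            if not belongs_to(host, allowed):
                findings.append(f"link to {host} does not belong to {brand}")

    # Indicator 3: urgency/billing lure wording. Reported but not decisive on its own,
    # since a genuine billing reminder can use the same words.
    for phrase in LURE_PHRASES:
        if phrase in text:
            findings.append(f"lure phrase {phrase!r}")

    suspicious = any(f.startswith(("sender domain", "link to")) for f in findings)
    return {"brand": brand, "findings": findings, "suspicious": suspicious}


# Constructed sample modelled on the Netflix campaign: brand name in the display name,
# "restart membership" lure, link to a WordPress path on an unrelated host.
PHISHING_SAMPLE = """From: "Netflix Billing" <billing@example-mailer.net>
Subject: Please restart membership
Content-Type: text/html

<p>Your billing information needs to be updated.</p>
<a href="http://blog.example.org/wp-content/uploads/netflix/login.php">Restart membership</a>
"""

# Constructed benign sample: sender and link both on the brand's own domain.
LEGITIMATE_SAMPLE = """From: "PayPal" <service@paypal.com>
Subject: Your receipt
Content-Type: text/html

<p>Thanks for your payment.</p>
<a href="https://www.paypal.com/myaccount">View account</a>
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        result = classify(sample)
        print(label, "->", "SUSPICIOUS" if result["suspicious"] else "ok", result["findings"])
```

The decisive signals are the domain mismatches, because they hold regardless of how well the template is written; the lure phrases are reported only as supporting context. Running the script flags the Netflix-style sample on both its sender domain and its link host and passes the PayPal-style sample.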