Scamwatch round-up – ATO, Xero, Bingle and Zoho brands hijacked
- 19 January, 2018 05:00
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, ATO, Xero, Bingle and Zoho have all had their brands hijacked by scammers in separate email scams, with car insurance provider, Bingle, the first company to fall victim.
On Monday 15 January, emails with the subject “Notification of car insurance” were sent around saying the company had received an application for car insurance and asking recipients to download a certificate through a link contained within the message.
The company issued an alert on the day showing two examples of the scam. The second had a different message telling recipients that “there was a problem” with the data in their certificate and asking them to download a scanned copy.
“This email has not been sent by Bingle, and should be deleted immediately. Do not open any attachments or click on any links within this email,” Bingle wrote in its website.
The sender email address was admin(at)victorychurch(dot)net(dot)au, which according to MailGuard appears to be a valid website for a South Australian church. MailGuard also said that the sender address for this fake Bingle email was using a MailChimp account.
On 16 January, another phishing scam was revealed by Mailguard, this time using online file storage company, Zoho, brand.
The email message is sent using different display names and it is sharing a .zip file, supposedly a tax report. Recipients are informed of a $8,919 GST bill.
On the same day, a brand jacking scam targeting accounting software firm, Xero, customers was also picked up by MailGuard.
“The email, with the subject ‘Your Xero Invoice’, advises the recipient that their Xero subscription invoice is attached and that the amount is due to be debited from their credit card,” MailGuard wrote in a blog post.
The emails came from subscription(dot)notifications(at)xeroink.com registered a day before the scam and had “Xero billing notifications” as the display name.
The Australian Taxation Office (ATO), another highly targeted brand, has again been used to deceive Australians on 17 January.
“Cybercriminals execute ATO brandjacking scams regularly. The ATO is a well-trusted name for Australians; the authority of respected government institutions lend credence to scams of this sort,” MailGuard wrote.
Following the global Spectre and Meltdown security flaws found in Intel, AMD and ARM Holdings chips, late last week cybersecurity vendor, Malwarebytes, alerted the community to fake patches being used to spread malware.
“While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actually is malware. In fact, German authorities recently warned about phishing emails trying to take advantage of those infamous bugs,” Malwarebytes Lead Malware Intelligence Analyst, Jérôme Segura, wrote in the company’s blog.
According to the Australian Government Stay Smart Online page, there were concerns that similar emails could be sent to Australians.