Scamwatch round-up – UPS, Docusign, ASIC and more
- 27 April, 2018 09:00
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, UPS, Docusign, ASIC, MYOB and GIO Insurance were among the companies whose brands were hijacked by digital scammers, as the ACCC revealed that thousands of bill scams have been reported in the past 12 months.
A phishing scam using UPS's name was identified by Mailguard on 23 April. With the purpose of stealing Microsoft login details from recipients, the email contained a link for recipients to "track parcel".
The link, however, took recipients to a phishing website where it prompted them for their Microsoft login details.
According to Mailguard, the scam was operating from a compromised website.
On 24 April, the email filtering company picked up two different scams. The first one, designed to look like a Docusign notification message, was intended to phish for recipients' login details.
Another scam targeting the Australian Securities and Investments Commission (ASIC) was identified on the same day.
Both ASIC and Mailguard warned Australians about the scam, which was deigned to infect recipients' computers. A link within the message led recipients to a malware file, the kind of which is which usually used to deliver spyware, trojans or viruses, according to Mailguard.
The vendor identified four domains being used to deliver the attack, all of it had recently been registered in China.
Also on 24 April, meanwhile, the Australian Competition and Consumer Commission (ACCC) issued a warning of scammers impersonating energy and telecommunications providers and requesting payments.
The ACCC arm in charge of providing information to consumers and small businesses about how to recognise, avoid and report scams, Scamwatch, received 5,000 reports of fake billing scams in the past 12 months with losses amounting to $8,000.
“The scammers typically impersonate well-known companies such as Origin, AGL, Telstra and Optus via email, to fool people into assuming the bills are real,” ACCC Deputy Chair Delia Rickard said.
New South Wales residents reported the highest number of incidents of the fake billing scam, with 1,779 households reporting being victims, compared to 1,275 in Queensland and 1,245 in Victoria, 485 in Western Australia, 462 in South Australia, 132 in the Australian Capital Territory, 117 in Tasmania and 38 in the Northern Territory.
ACCC encourages anyone who thinks may have been scammed to report it.
On the same day, Mailguard picked another scam, this time a "major cyber-attack" using MYOB's brand.
The link within the message pointed to a .doc file with hidden malware that would install in the recipient's computer at the opening of the file, Mailguard said. A similar scam was identified on 26 April, this time purporting to be from GIO Insurance.