Scamwatch round-up: Optus and Xero

This week's phishing scams and malware attacks hitting Australians' inboxes

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, phishing emails purporting to be from Optus and Xero were being sent.

On 13 August, the Australian Communications and media Authority (ACMA) was alerting Australians to an email purporting to be from Optus.

The message under the subject "we are unable to process your last payment" was trying to gain access to recipients' credit card information.

According to the information provided by ACMA, the fake emails used a web address that looks like the real Optus website. The email contained a link to a fake "pay your bill" page, which would ask for the recipient's credit card details.

Source: ACMA
Source: ACMA

 Also this week, Xero informed it had received reports of fake email confirmations being sent around.

The message contained a link ("Yes, it's me – let's get started) which redirected recipients to a malicious website with the intent to still their Xero username and password.

The "confirm your email address" message was being sent from support@ ralphstarck .com.

"Please be aware that the email address listed above is not a sending address nor a domain used by Xero, and these emails were not sent by us," the company stated on its security noticeboard.

So far in 2018, the Australian Government has received reports of more than $460,000 lost to phishing and malware scams.

The data from the Australian Competition and Consumer Commission (ACCC)'s Scamwatch said that the reports on this type of scams amounted to more than 15,000 so far.