Scamwatch round-up: Microsoft Office 365 and ANZ
- 14 September, 2018 11:21
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, phishing emails purporting to be from Office 365 and ANZ were being sent to Australians' mailboxes.
On 12 September, email filtering company Mailguard picked up a phishing scam impersonating Microsoft Office 365.
The scam message is a simply designed HTML message that told recipients that their email account failed to connect and returned five incoming emails, and then asks recipients to click on a link that takes them to a fake website, acting as a Microsoft Office 365 page.
After the recipient enters its password, the page returns an incorrect password message, forcing the user to re-enter the password. After collecting the users' credentials they are redirected to an actual Office 365 page.
On 13 September, a new email phishing scam was identified by Mailguard, this time purporting to be a message from ANZ.
The message was designed to steal the internet banking credentials of recipients by telling them they have been locked out of internet banking for security purposes.
Furthermore, the message contains a link for recipients to inlock their account, however the link directs recipients to a fraudulent landing page for ANZ Internet Banking.
The cyber criminals use this to gain access to recipients' customer registration number and password. After entering those details, users are directed to a following page that then asks for their full name, date of birth, driver's license number and mobile number.
As reported by sister publication Computerworld, NSW Police charged four people over an alleged coordinated fraud syndicate. This is part of an ongoing investigation into business email compromise scams across NSW.
Police will allege in court that a 43-year-old man was directing the activities of the group and coordinated business email compromises to the value of more than $3 million.