Scamwatch round-up: MYOB, Office 365 and MailChimp
- 28 September, 2018 11:00
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, phishing emails purporting to be from Office 365 and MYOB were being sent to Australians' mailboxes, along with some originating from different compromised MailChimp accounts.
Email filtering vendor Mailguard has identified several malicious email purporting to be from an UK-based business sending invoices from MYOB.
A link within the message leads to a malicious payload and has originated from a compromised MailChimp account.
Another scam also from compromised MailChimp accounts was identified by the Australian company. This time the link within the message took recipients to a "compromised host" that returns a malicious archive file.
A message purporting to be a Microsoft Office 365 notification warning recipients that the mailbox had fail to sync was being sent on 26 September - links within those emails led recipients to a phishing website designed to steal account details.
On the same day, emails sent from a compromised MailChimp account was purporting to send out tickets to recipients.
The link to download the fake tickets would actually download a .zip file containing malicious JavaScrip code, according to Mailguard.
Meanwhile, this week the Australian Competition and Consumer Commission (ACCC) issued a warning over celebrity endorsement scams.
“The growth in these scams is very concerning, particularly as over half the reports we received included a financial loss,” ACCC deputy chair Delia Rickard said.
"Most people lost between $100 and $500 and in one case, a victim lost more than $50 000 through fake celebrity endorsement of an investment scheme."
The ACCC’s Scamwatch website has received almost 200 reports in 2018 and losses totalling more than $142 000. People aged 45 and older accounted for 63 per cent of losses to these scams, while women are more likely than men to be a victim.