Scamwatch round-up: AGL, Office 365 and AAMI
- 12 October, 2018 10:50
ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week emails purporting to be from Microsoft Office 365, insurance company AAMI and energy company AGL were being sent to Australians' inboxes.
Email filtering company Mailguard revealed emails purporting to be from AAMI which were being sent with a link to a malicious .doc file.
The message suggested recipients were getting insurance documents accessible via a link within the message.
On 9 October, a fake AGL bill was being sent by cyber criminals. The message contained several links, most were actual AGL links but one was a malicious link.
The link to download a PDF file would take recipients to a Wordpress page before redirecting to another compromised website.
When on the compromised page, recipients were prompt to download a ZIP file, containing a malicious payload, according to Mailguard.
The energy provider took to Twitter to warn consumers of the scam.
We have received reports of hoax emails in circulation with the subject line "AGL electricity bill” falsely claiming to be from AGL. Learn how to identify this hoax or scam email and what to do if you receive one here: https://t.co/v1vAeVdhA8 pic.twitter.com/RCYCT94s6m
— AGL Energy (@aglenergy) October 9, 2018
"The AGL scam that is circulating is another in a long string of phishing emails that use our trust in well-known brands to bypass our natural suspicion," said Garrett O'Hara, principal technical consultant at Mimecast.
"The scammers are again using a brandjacking approach with social engineering in the form of fear of a service being terminated. This can be successful to get people to click their link and provide credit card information," O'Hara added.
Mailguard also picked up a phishing attack on 9 October purporting to be a Microsoft Office 365 email. In a move to gain access to recipients' login details, the email encourages recipients to click on a link that would lead to a fake Office 365 page.
On 11 October, the email filtering company identified another three scams doing the rounds, one of them again using Office 365's brand.
The emails were sent from multiple compromised email addresses. The message was similar to the previous Office 365 scam leading recipients to a fake login page with the intent to gain access to recipients details.