Dissecting the most common email scams that hit Aussie inboxes

14 Aug 17

New research from MailGuard says that Australian businesses are popular targets for scams and brandjacking, and that the last few weeks alone have seen two massive influxes of fraudulent ASIC email scams.

The scams contained malware and originated from a domain in China as well as a domain in Cyprus.

MailGuard says that there’s something of a pattern to brand hijacking, also known as brandjacking: The larger the customer base, the larger the potential victim pool.

“Criminals go where the targets are,” comments MailGuard CEO Craig McDonald.

“That’s why well-known brands with loyal customer bases are frequently in cybercriminals’ sights.”

MailGuard has intercepted many different email-based scams this year and has compiled a list of some of the most common.

Common seasonal scams targeting Australia

  • In the leadup to Christmas, Australia Post is a perfect target. Online delivery orders soar, and people are busy getting their shopping finished in time for the big day. The rush means people awaiting an online order are especially susceptible to a ‘Your parcel is due for delivery – click here to track it’ malicious email. FedEx and DHL are also regularly impersonated.
  • Around tax time, fraudulent ATO and ASIC emails ramp up. False Business Activity Statements, ‘Renew your business name’ attempts and fake tax return documents are prolific. All aim to trick people into clicking a link containing malware, or handing over sensitive personal information.
  • Winter sees a peak in fake energy invoices. AGL, Origin Energy and EnergyAustralia are impersonated regularly, and often on a huge scale.

Evergreen scams

  • Fake driving fines, inviting recipients to click a (malicious) link to view the ‘evidence’ of their offence.
  • Sham invoices from telecommunications companies including Optus and Telstra.
  • Malware-carrying bills designed to look like they were sent by MYOB, Xero or Intuit QuickBooks.
  • Phishing attempts purporting to be from Australian banks: Westpac, ANZ, NAB, Commonwealth Bank and Macquarie Bank.
  • Attempts to hack myGov accounts, under the guise of a ‘Verify your identity’ phishing email. With more than 11 million Australian accounts reportedly registered with myGov, which holds sensitive information from agencies including the Australian Taxation Office, Medicare and Centrelink, this poses a huge potential breach risk.
  • PayPal, Dropbox, Google Drive, Apple and Office 365.

Anatomy of an attack

  • An up-and-coming cybercriminal can find everything they need to complete a large-scale email scam on the internet’s underground: the dark web.
  • Known as phishing kits, these can be purchased as a package, with the price dependent on the sophistication of the fraud attempt.
  • Once the kit has been purchased it can be deployed relatively easily. The first step is purchasing a domain to host the attempt – because these can be registered anywhere in the world it’s difficult to identify the real country of origin.
  • In the case of a mass phishing attempt, the kit usually comes in the form of a compressed archive file which contains all the elements necessary to configure the scam. Among this cache is a list of recipients, together with their contact details. Often this information has been stolen in a previous phishing attempt.
  • The attack is deployed, with the emails distributed to recipients in bulk. The aim is to steal information, which might be used to access bank accounts, or on-sold on the black market.
  • Brand-impersonation scams have a short shelf life – usually less than 24 – with companies quick to arrange the blacklisting of domains set up to defraud their customers.
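
Because the scams above pair a trusted brand name with a freshly registered sending domain, a mail filter can compare the two. The following is an added example, not MailGuard's code: the brand-to-domain allow-list, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {
    "australia post": {"auspost.com.au"},
    "asic": {"asic.gov.au"},
    "ato": {"ato.gov.au"},
}

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (
    "From: ASIC Messaging Service <notice@asic-renewals.example>\n"
    "Return-Path: <bounce@bulk-sender.example>\n"
    "Subject: Renew your business name\n\nClick here to renew.\n"
)
SAMPLE_GENUINE = (
    "From: ASIC <noreply@asic.gov.au>\n"
    "Return-Path: <bounces@mail.asic.gov.au>\n"
    "Subject: Renewal notice\n\nLog in to your portal.\n"
)

def sender_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def is_allowed(domain, allowed):
    """True when domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brandjack_findings(raw_message):
    """List (brand, header, domain) where a brand is named in the display
    name or subject but the sending domain is not one of that brand's."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    text = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Whole-word match so that "ato" does not fire on e.g. "operator".
        if not re.search(rf"\b{re.escape(brand)}\b", text):
            continue
        for header in ("From", "Return-Path"):
            domain = sender_domain(msg.get(header))
            if domain and not is_allowed(domain, allowed):
                findings.append((brand, header, domain))
    return findings
```

A clean result only means the visible domains match the brand; the From header itself can be forged, so this check complements SPF, DKIM and DMARC evaluation and does not replace it.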