MailGuard Editor, 12 November 2014 02:18:00 AEDT

Another Fake NSW Office of State Revenue Scam Hits Emails

Overseas-based online scammers have sent out the most sophisticated-looking phishing scam to date.

This second round of fake NSW Office of State Revenue (SDRO) emails is even more clever and legitimate-looking than the last, making it a high risk to recipients.

The email advises the recipient of a speeding fine and offers links to view the invoice and photos of the incident. If a user follows the link, they are led to a webpage that asks them to fill out an online form.

Once the form is submitted, they download a malicious file. In this instance (as of 10am 12/11/2014), the malicious file has been detected by only 9 out of 54 commercial-grade anti-virus providers and is understood to be a variant of a Cryptolocker virus.

SDRO has issued a statement on their website clarifying that they do not issue fines by email and they are only ever issued on the spot or by post.

This is another timely reminder of why multilayered security is important, and why all email users need to be aware of what to look out for. MailGuard is now detecting and quarantining this instance, and would like to reiterate the importance of user education to help prevent these types of infections from taking hold.

There are some key points which indicate that this email is fake.

1. The email has not addressed the recipient by name.
2. The email cites a traffic offence, but no car registration details are mentioned.
3. Hovering over the INVOICE and VIEW CAMERA IMAGES buttons shows that the links point to a WP (WordPress) site, not a legitimate government website.
4. The official website address is sdro.nsw.gov.au, while the fake one is nsw-gov.org.
5. If you do visit the official website, you will see they have issued a scam alert stating that the SDRO does not issue penalty notices or penalty reminder notices by email.
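
Points 3 and 4 can be checked automatically by a mail filter. The sketch below is an added example, not MailGuard's detection code: it extracts every link from an HTML email body and flags those whose host is not the official sdro.nsw.gov.au. The sample body, its URL paths, the WordPress path markers and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_HOST = "sdro.nsw.gov.au"  # official address given in the article
WP_MARKERS = ("/wp-content/", "/wp-includes/", "/wp-admin/")  # assumed typical WordPress paths

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # visible button/link text
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    """True only for the official host or a subdomain of it (match on a label boundary)."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST)

def audit_links(html_body):
    """Return (link text, host, reasons) for every web link that is not the official site."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or is_official(host):
            continue
        reasons = ["host is not " + OFFICIAL_HOST]
        if "nsw" in host and "gov" in host:
            reasons.append("imitates a government name")
        if any(marker in parts.path.lower() for marker in WP_MARKERS):
            reasons.append("WordPress path")
        findings.append((text, host, reasons))
    return findings

# Constructed sample body; the URL paths are invented for illustration.
SAMPLE = """<p>Penalty notice</p>
<a href="http://nsw-gov.org/wp-content/notice.php">INVOICE</a>
<a href="http://nsw-gov.org/wp-content/photos.php">VIEW CAMERA IMAGES</a>
<a href="http://www.sdro.nsw.gov.au/">Office of State Revenue</a>"""
```

Calling `audit_links(SAMPLE)` flags the two button links and leaves the genuine SDRO link alone.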

By taking on board these recommendations, you can better protect yourself from any future attacks. Always remember, if an email seems suspicious or just too good to be true, it probably is.

Need more tips for identifying fake emails? You can find out more at our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business