Annamaria Montagnese 06 May 2016 10:40:04 AEST

Fast-Breaking Attack: Bank of Melbourne Scam Strikes Thousands of Businesses

A zero-day phishing scam has hit thousands of businesses, purporting to be from Bank of Melbourne. MailGuard have identified and blocked the scam. At the time of writing, no other vendor has detected the attack.

The email tells the recipient that some details are missing from their profile, and that this has blocked the user’s access until a verification process is complete. The email links to a professionally presented phishing website impersonating Bank of Melbourne.

First to stop new attacks, MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast-breaking attacks. Most on-premise or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable.

In the sample email below you can see that the message is generically addressed to ‘Recipients’ and that the email contains several clumsy typing errors.

[Screenshot: Bank of Melbourne email scam, 6 May 2016]

The HTML landing page and login screen (below) are professionally designed to look almost identical to the legitimate Bank of Melbourne website. These pages are being used to steal sensitive customer credentials.

[Screenshot: Bank of Melbourne email scam landing page]

Protection against phishing emails

To protect your business against scams like these banking phishing emails:

- Beware of emails that you weren’t expecting and that contain grammatical or branding errors but purport to be from reputable organisations.
- Beware of emails that are not addressed to you personally.
- Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
- To ensure complete safety, type the URL into your browser or navigate through Google search to find the actual website and enter your credentials.
- Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.
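The addressee and link checks above can also be run automatically over an HTML message body. The following is an added example, not MailGuard's code: the function names, the finding labels and the sample message are constructed for illustration, and the trusted domain is passed in by the caller.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_email(html, addressed_to, trusted_domain):
    findings = []
    # Page's indicator: addressed to 'Recipients'; the 'undisclosed-' form is an assumption.
    if re.fullmatch(r"\W*(undisclosed[- ])?recipients\W*", addressed_to, re.I):
        findings.append(("generic-addressee", addressed_to))
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https") or not url.hostname:
            continue  # mailto:, anchors and relative links are out of scope here
        host = url.hostname.lower()
        if not in_domain(host, trusted_domain):
            findings.append(("off-domain-link", host))
        # The "hover" check: a domain shown in the link text must match the real target.
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text, re.I)
        if shown:
            shown_domain = re.sub(r"^www\.", "", shown.group(0).lower())
            if not in_domain(host, shown_domain):
                findings.append(("text-href-mismatch", f"{shown_domain} -> {host}"))
    return findings

# Constructed sample; login.example.net is a placeholder, not an indicator from this scam.
SAMPLE = ('<p>Your access is blocked until verification is complete: '
          '<a href="http://login.example.net/verify">www.bankofmelbourne.com.au/verify</a></p>')

if __name__ == "__main__":
    for code, detail in check_email(SAMPLE, "Recipients", "bankofmelbourne.com.au"):
        print(code, detail)
```

A message with no findings is not thereby safe; these checks only cover the indicators listed above.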

If you are ever unsure whether an email is legitimate, contact the bank directly before filling in any details online or clicking links contained within an email.

Adding a cloud-based email filtering solution will prevent scams like these phishing emails from reaching your inbox and getting in front of your team. 

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
