MailGuard Editor 09 April 2015 01:16:00 AEST 3 MIN READ

Warning: Fastbreak Email Scam Purporting To Be From Western Union

MailGuard identified and are successfully blocking a new fastbreak email phishing scam purporting to be from Western Union yesterday. MailGuard are at the forefront of finding and blocking such fastbreak email scams, therefore protecting our clients in real-time. Please be warned and check that these emails have not infiltrated your business network and staff inboxes. Email users may be handing over personal details including banking information to these scammers.

Details of the email phishing scam:
This fastbreak email scam is a standard phishing email with the aim to lure email users into handing over personal information. The email in question (screenshot sample below) has a link which, if clicked, takes users to a webpage that mimics the Western Union login interface.

Sample email:
Western Union Scam Email
This sample shows that the scammer has addressed the recipient by their email address in an attempt to make the email appear personalised, as standard email attacks fail to address the individual personally. Email users are fooled into believing there has been a transaction made from their account, and in order to cancel this transaction, they need to follow the URL (click the link).

The URL is listed as a Western Union support page, but once clicked, the user is actually taken to another URL (circled in the screenshot below) which is not a legitimate Western Union address.

WesternUnion1

The first phishing attempt is for the user’s Western Union login credentials. This page then redirects to another landing page which attempts to harvest their personal credit card information.

WesternUnion2

Finally, the user is asked for more personal information, including Address and Date of Birth.

WesternUnion3

The email recipient is redirected to a legitimate Western Union landing page leaving them none the wiser that they have been scammed and have handed over information to cyber criminals who can now access their funds.

Please warn your staff and fellow email users to watch out for this recent fastbreak scam, and to remind users to never click links within emails if they seem suspicious.

As always, you can find some tips on how to reduce your risk to falling victim to email scams in this article by MailGuard: Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.

User education is of utmost importance. Remember, it is best practice to never click any link contained within an email, especially when logging into your banking or financial service websites.

Be sure to type the URL directly into your secure browser, use the official banking app on your smart phone or contact your bank or financial service directly by telephone if unsure.

If you are thinking about superior email security and would like to enquire about MailGuard’s email and web filtering services, please contact MailGuard via expert@mailguard.com.au or you can start a no obligation free trial of MailGuard services for 14 days.