MailGuard Blog

Tell your teams to be careful clicking on any parcel delivery emails this afternoon. MailGuard is blocking a FedEx TNT email scam with a subject line that reads ‘Unable to locate you.’

Careful not to click through on the latest email phishing scam impersonating Microsoft Office 365 today. The first run of the attack began hitting email inboxes between 8-10am AEST Friday.

Take a second look before viewing an online remittance purportedly issued by MYOB. The well-known accounting software company is being mimicked in a phishing scam currently circulating.

The scam was first identified and blocked by MailGuard on Thursday, with subsequent runs continuing into Friday.

ANZ Banking Group is the subject of an email phishing scam being blocked by the MailGuard team this morning, which is designed to steal the Internet Banking credentials of recipients. 

Wednesday morning (AEST), a new email phishing scam started to arrive in inboxes, impersonating Microsoft Office 365. The subject reads: '(5) messages returned - failure to sync.'

The worlds of politics and cybercrime collided in 2016 when Hillary Clinton’s presidential campaign HQ was infiltrated by hackers. The incident led to the exposure of thousands of sensitive private documents, a storm of controversy and potentially, the disruption of the US democratic process.

In the last two years, 45% of Australian companies were attacked by online criminals.

MailGuard has intercepted the email shown above, which purports to be from a company in the UAE called Naffco.

More than 60% of Australia’s medium-sized companies are undefended against cyber-attacks that have the potential to put them out of business; that’s the finding of a study conducted by Fairfax MediaandKPMG.

The image many businesspeople have of cybercrime is a teenager with a grubby hoody hunched over a laptop hammering code into a flickering screen that’s like something out of The Matrix. The imaginary teen finds a backdoor into a bank’s server admin page, and typing like fury beats the computer in a showdown of quick-draw typing.

This new phishing attack MailGuard has detected is meant to look like a notification from St George Bank.

The message is a relatively convincing forgery with well-formatted text and a sender address with the domain “@st-george.com”

When hackers set about breaking into a company’s computers, they start with phishing emails. Their objective is to get one person inside their target company to click a link to a fake website they’ve set up and enter their email password.

MailGuard has detected a new email-based cyber-attack (shown above) telling the recipient they have been sent an invoice by an accountant.

“React promptly to download the invoice,” the deceptive message advises.

Clicking on the link takes the victim of this scam to a malicious website containing a hidden malware payload.

"Raise the topic of cybersecurity with any board of directors. They would all probably agree it’s a very important issue, but it’s rare that they would all agree what to do about it. Just asking a few pointed questions can create a lot of energy:
How well prepared are you for a sophisticated cyber attack this afternoon?”

If you’ve seen this email in your inbox, best to delete it immediately. It’s a new scam using forged QuickBooks branding to try and trick people into clicking through to a malicious website.

MailGuard has detected multiple variants of this attack, using different company names and sender address domains.