MailGuard Blog

Recipients of an email with the subject, ‘Your shipment is on its way’ purporting to be from ‘DHL Customer Care’, are strongly advised to not click onlinks asking them to retrieve any parcels awaiting them. The email is likely to bea phishing attempt by cybercriminals, aiming to steal credentials and potentially install malware on your network. 

MailGuard has intercepted a phishing email warning users that their Office 365 registration needs to be verified within 48 hours, or else risk having their account suspended.  With millions of businesses and individuals using (Microsoft) Office 365 globally for their daily tasks and communications, it is highly likely that a lack of vigilance will result in cybercriminals stealing credentials for later criminal use, such as identity theft, BEC, sold on the dark web and more.  

We would like to thank the National Cyber Security Alliance for providing the following valuable information to help protect from phishing threats. 

No business is immune from a cyber-attack, as is the case with this recent phishing scam intercepted by MailGuard. Scammers are targeting victims with an email titled, ‘Warning: Your email password has expired’. Recipients of this email are advised to be cautious before clicking on any links. Cybercriminals use social engineering tactics such as phishing to trick innocent victims into providing them with data to further their criminal activity.  

Cybercriminals have targeted unsuspecting victims with a phishing email purporting to be from the Human Resources Department of their respective employer. The scam uses multiple methods of redirection to the phishing site, with the use of highly accurate Microsoft branding, including Microsoft Word, Microsoft Teams and SharePoint. With over 190 million people across the globe using SharePoint alone, users need to remain extremely vigilant and think twice before downloading any unfamiliar files or clicking on suspicious links, as this could allow threat actors to steal your credentials and potentially install malware, leading to a myriad of other criminal activity.  

Outlook Web App users must take care and double-check any emails advising that your password has expired - it’s more than likely a phishing attempt by cybercriminals to steal login credentials.  

A fraudulent email purporting to be from Telstra is landing in inboxes, putting the company’s 18 million customers at risk. 

“Hybrid work represents the biggest shift to how we work in our generation. And it will require a new operating model, spanning people, places and processes” 

Amazon Web Services (AWS) account holders need to be on the lookout for a phishing email purporting to be from the AWS-Support team, advising recipients that they need to consent to the processing of their personal data in accordance with EU Regulations. The shift to remote working means that cloud services are in demand, with cybercriminals taking the opportunity to capitalise on the increased use by businesses of services like AWS to steal credentials.

Commonwealth Bank customers are again being targeted by cybercriminals with a new phishing scam designed to steal customers’ credentials, including their name, date of birth, zip code, phone contact, credit card and client number and password details. As one of the most respected brands in corporate Australia, and an expansive customer base, Commonwealth Bank customers must remain vigilant when receiving emails about problems with their account.

Email users need to be extra vigilant, with MailGuard intercepting an email phishing scam purporting to be from a well-known repair company, however the email is in fact from a compromised email account, making it difficult to discern from a legitimate request. File sharing amongst colleagues and clients is commonplace, and a practise that cybercriminals have taken advantage of in recent times for credential harvesting and potentially install malware onto computer networks.  

Compromise can happen to anyone. It’s no longer a case of ‘If a cyberattack hits my business’ but ‘A cyberattack will hit my business’. We have come a long way from the thinking that only certain types of businesses (or business functions) could be the recipient of a cyberattack. Most security professionals now assume that a breach is inevitable and prepare accordingly.

PayPal users should be watchful before opening or responding to any generic emails advising of a ‘limit’ being placed on their account, as it is most likely a devious attempt by scammers to get a hold of account and credit card information. Many of us rely on PayPal, (approximately 392 million, in fact) as a trusted way to make and receive payments, with 29 million active merchants using the service to run their online businesses, particularly in the current pandemic influenced times. This is not the first time that MailGuard has intercepted a scam spoofing the popular global payment provider, with the rise of online shopping and ease of use from various, perhaps, unsecured devices, providing a vantage point for criminals.

Millions of Commonwealth Bank NetBank customers are at risk of having their details stolen via the latest phishing email intercepted by MailGuard. This is the second time in the last month that scammers have purported to be the bank, one of Australia’s largest financial institutions, in an attempt to lure unsuspecting victims into providing sensitive data, such as customer account information and credit card details for credential harvesting purposes. Cybercriminals often imitate financial institutions due to their large customer base, trusted name, and the plethora of data at hand.  

CareSuper is a leading industry super fund for people in professional, managerial, administrative and service occupations in all business sectors. The fund’s objective is to help members achieve the best possible lifestyle in the future by using an actively managed and long-term strategy that’s driven by a proven investment philosophy.