With Christmas just around the corner, millions of Australians are madly rushing to get their shopping done before the big day, but with interest rates and the cost of living continuing to rise, many will likely be making use of “buy now, pay later” options.
When you think of “buy now, pay later”, Afterpay is probably the first thing that springs to mind. Available for use both in-store and online, the service boasts over 3.6 million customers across Australia and New Zealand – and they’re being targeted in a new phishing scam.
MailGuard is now blocking an email which has the subject line “Your last Afterpay payment was declined” and has the sender name “Afterpay – Support”. However, the email’s display address shows one that’s associated with USPS.
The email itself is relatively simple but uses Afterpay’s logo and branding. It warns the recipient that their “Afterpay account is currently restricted from spending” due to their most recent payment of $25.11 failing. The email then directs the user to click on a button to “Retry payment”.
Here's an example of the email:
After clicking the button to “Retry payment”, the recipient is taken to a phishing site which closely resembles the Afterpay login portal, and they are asked to enter the email address and password associated with their account. The only differentiating factor is the URL, which is not connected with Afterpay.
When the user submits their credentials, these will be stolen by the attacker and saved for later use.
As Afterpay uses two factor authentication, the user is then prompted to enter the 6-digit verification code that has been sent to their mobile. If a OTP is received, this would have been prompted by the phishing page using the supplied credential to attempt to log in on the genuine Afterpay site.
Next, the victim is asked to update their payment method, by entering information including:
- Credit card number
- Expiration date, and
- CVV
These details will also be stored for later use or sold on the dark web.
Finally, the victim is asked to enter a one-time password (OTP) that’s been sent to their mobile, which is likely to process a payment on the attacker’s end.
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
