Another Fake NSW Office of State Revenue Scam Hits Emails

Posted by MailGuard Editor on 12 November 2014 02:18:00 AEDT

Overseas based online scammers have sent out the most sophisticated looking phishing scam to date.

This second round of NSW Office of State Revenue (SDRO) fake emails are even more clever and legitimate looking than the last, making it of high risk to recipients.

This email advises the email recipient of a speeding fine, offering links to view the invoice and the photos of the incident. If a user does follow the link, they are lead to a webpage which asks them for information to be filled out in the online form.

Once submitted they download a file which is malicious in nature. In this instance (as of 10am 12/11/2014), the malicious file has been detected by only 9 out of 54 commercial grade Anti-Virus providers and is understood to be a variant of a Cryptolocker virus.

SDRO scam 12112014

SDRO scam 2 12112014SDRO has issued a statement on their website clarifying that they do not issue fines by email and they are only ever issued on the spot or by post.

This is another timely reminder of why multilayered security is important, and why all email users need to be aware of what to look out for. MailGuard is now detecting and quarantining this instance, and would like to reiterate the importance of user education to help prevent these types of infections from taking hold.

There are some key points which indicate that this email is fake.

1. The email has not addressed the recipient by name.
2. The email cites a traffic offence, however there are no car registration details mentioned.
3. Hovering over the INVOICE and VIEW CAMERA IMAGES buttons, you can see that the link is directed to a WP (WordPress) site, and not a legitimate government website.
4. The official website address is sdro.nsw.gov.au while you will see the fake one is nsw-gov.org.
5. If you do visit the official website they have issued a scam alert, stating that the SDRO does not issue penalty notices or penalty reminder notices by email.

By taking on board these recommendations, you can better protect yourself from any future attacks. Always remember, if an email seems suspicious or just too good to be true, it probably is.

Need more tips for identifying fake emails? You can find out more at our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business




Topics: Cloud Computing Spam Industry News Email Web Security Hacking Phishing Website Security Email Security

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all