MailGuard Blog

The worlds of politics and cybercrime collided in 2016 when Hillary Clinton’s presidential campaign HQ was infiltrated by hackers. The incident led to the exposure of thousands of sensitive private documents, a storm of controversy and potentially, the disruption of the US democratic process.

In the last two years, 45% of Australian companies were attacked by online criminals.

More than 60% of Australia’s medium-sized companies are undefended against cyber-attacks that have the potential to put them out of business; that’s the finding of a study conducted by Fairfax MediaandKPMG.

This new phishing attack MailGuard has detected is meant to look like a notification from St George Bank.

The message is a relatively convincing forgery with well-formatted text and a sender address with the domain “@st-george.com”

When hackers set about breaking into a company’s computers, they start with phishing emails. Their objective is to get one person inside their target company to click a link to a fake website they’ve set up and enter their email password.

MailGuard has detected a new email-based cyber-attack (shown above) telling the recipient they have been sent an invoice by an accountant.

“React promptly to download the invoice,” the deceptive message advises.

Clicking on the link takes the victim of this scam to a malicious website containing a hidden malware payload.

If you’ve seen this email in your inbox, best to delete it immediately. It’s a new scam using forged QuickBooks branding to try and trick people into clicking through to a malicious website.

MailGuard has detected multiple variants of this attack, using different company names and sender address domains.

There has been a 2500% increase in the sale of cybercrime kits on the dark-web since 2016, said Angus Taylor MP, Australian Minister for Law Enforcement and Cyber Security in a recent interview.
Taylor expressed his concern about this surge in online criminal activity. He noted that there has been “a high take-up of digital technologies” by Australian companies, but about 30% of smaller companies have inadequate cybersecurity measures in place. 

The NAB Bank's branding has been exploited by criminals in a new phishing fraud detected by MailGuard.

The email shown above appears to be a notification from the bank advising the recipient that their account “is now locked.”

The message contains several typical elements of a phishing email:

The email shown above is a new phishing attack detected by MailGuard.

The message sender has used forged American Express branding to try and convince the recipient that it’s a genuine Amex statement notification.

This week the SMH reported the story of the small business owner who lost AU$10,000 in an email fraud attack.

“Small business owner Phoebe Bell believes scammers were watching her emails "for months" before they swiped $10,000 from her homewares operation, Sage & Clare,” the SMH reports.

Claire, an intern at a small legal firm, sits down at her desk after getting back from a hasty, late lunch. She gulps her coffee and flicks open her email inbox: 37 new messages. She rubs her temples and begins to work her way through the backlog that piled up during her 15-minute lunch break.

The FBI warned US banks last week that they are expecting a large-scale fraud attack involving compromised ATM cash machines in the near future.

“Cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days,” the FBI advised banks in a confidential message revealed by the KOS blog, Aug 12.

If you see this message show up in your inbox, please delete it; it’s a phishing attack.

Although it’s been designed to look like an innocuous notification message, the “view completed document” link actually points to a phishing page - shown below - set up to harvest people’s email login credentials.   

When you consider how central email is to daily business operations, it’s not surprising, that it’s become the most damaging weapon in the cybercrime arsenal.
Every business still relies on email to do the majority of their daily communication. Everything from stationery orders to corporate mergers is organised and negotiated through the humble inbox.