MailGuard first detected and blocked the first versions of this scam earlier today.
The scam begins with an email which appears to originate from an Australia Post email address, but with content purporting to be a subpoena from the Australian Federal Police (AFP).
A sample of the email you should look out for is shown below:
This is a new example where cyber-criminals have used two different brands in the same campaign – a tactic used to bypass spam filtering technology which blocks malicious emails based on similarities in their supposed origin and content.
Once an unsuspecting recipient clicks on the enclosed blue “Save case notices” button, they are directed to one of a number of legitimate websites, which have been hacked into by the cyber-criminal, an example of which is shown below:
The user is encouraged to enter the number shown in the box above to view information about their court case. Once the user clicks ‘Download’ and runs an executable file, malicious software is then downloaded to their computer.
Many of the owners of the legitimate websites that the cyber-criminals have hacked into will be unaware that they are implicated within the attacks.
While this scam is relatively clumsy in its execution, containing content from one organization but appearing to be sent from another, it demonstrates that cyber criminals are continuing to evolve their approach to take advantage of unsuspecting recipients and beat slow-moving anti-virus vendors.
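The mismatch described above (one brand in the sender, another in the content) can itself be used as a detection signal. The following is an added example, not MailGuard's code: the brand table, its domains and patterns, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand table (not from the article): brand -> (sender domains, name/content patterns).
BRANDS = {
    "Australia Post": (("auspost.com.au",), (r"australia post", r"auspost")),
    "AFP": (("afp.gov.au",), (r"australian federal police", r"\bafp\b")),
}

def _named(text, patterns):
    return any(re.search(p, text, re.I) for p in patterns)

def brands_in_sender(msg):
    """Brands the From header claims, by display name or address domain."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    return {
        brand for brand, (domains, pats) in BRANDS.items()
        if _named(name, pats) or any(domain == d or domain.endswith("." + d) for d in domains)
    }

def brands_in_content(msg):
    """Brands named in the subject or any text part of the body."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    text = " ".join(chunks)
    return {brand for brand, (_, pats) in BRANDS.items() if _named(text, pats)}

def brand_mismatch(raw_email):
    """Return (sender_brands, foreign_brands) if the body names a brand the sender does not claim."""
    msg = message_from_string(raw_email)
    sender = brands_in_sender(msg)
    foreign = brands_in_content(msg) - sender
    return (sender, foreign) if sender and foreign else None

# Constructed sample messages (not the real scam email).
SCAM = ("From: Australia Post <notice@auspost.com.au>\nSubject: Subpoena notice\n\n"
        "The Australian Federal Police (AFP) has issued a subpoena. Save case notices.\n")
BENIGN = ("From: Australia Post <notice@auspost.com.au>\nSubject: Parcel update\n\n"
          "Australia Post will deliver your parcel tomorrow.\n")

if __name__ == "__main__":
    print(brand_mismatch(SCAM))
    print(brand_mismatch(BENIGN))
```

A hit is best treated as one scoring input alongside sender authentication results, since a legitimate message can mention another organisation by name.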