Receiving an email from the Australian Prime Minister, Scott Morrison, might be exciting, but think twice before you click on any links.
MailGuard intercepted a phishing email purporting to come from the PM on the afternoon of the 29th of January (AEST). Titled ‘Here’s your download’, the emails use a display name of ‘Hon Scott Morrison MP’ and contain an email address using the ‘@pm.gov.au’ domain. The body of the email contains an image of the PM and includes a heading that says ‘Invitation from the Prime Minister of Australia’.
It informs the recipient that their invitation letter ‘by Hon Scott Morrison MP, is attached’. The email concludes with a signature from ‘Secretary to: The Hon Scott Morrison MP[,] Prime Minister[,] Parliament House’. The invitation letter is presented as a .PDF file and is hyperlinked.
Here’s a screenshot of the email:
Unsuspecting recipients who click on the link to view the letter are led to a SharePoint branded phishing website. At the time of writing this blog, the website had been taken down. MailGuard discovered the email was sent via SendGrid and the link was also hosted on the same platform.
This phishing email scam is good proof of how cybercriminals are refining their techniques every day to trick users. By sending an email impersonating such a senior official as the Prime Minister himself, cybercriminals aim to evoke excitement and euphoria among recipients. The email also plays on curiosity: telling the recipient that a new download and invitation has arrived makes them want to see it. All these techniques motivate the recipient to click on the provided link right away, distracting them from hovering over the link in the email and looking out for any other errors. The inclusion of the PM’s photo and display name makes it harder for recipients to identify the email as a scam, as it appears to be a legitimate notification.
MailGuard urges all recipients of this email to delete it immediately without clicking on any links. If you see an email from a government organisation, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make people aware of the threat.
What to do if you receive a suspicious email
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English, or omit personal details that a legitimate sender would include.
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
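The indicators described in this alert (a senior official’s display name on a gov.au address, an email and link actually served from a bulk-mail platform, and a lure to download an attached file) and the checklist above can be turned into a simple triage check. The script below is an added example, not MailGuard’s tooling or a capture of the intercepted email; it uses only the Python standard library, and the two messages in it are constructed for illustration, with placeholder addresses and URLs. It flags an envelope sender (Return-Path) on a different domain from the displayed From address, links whose host is outside the From domain, and download lure words in the subject or body.

```python
"""Triage a suspected impersonation email for the indicators listed above.

Added example using only the Python standard library. Both messages below are
constructed for illustration; addresses and URLs are placeholders.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the alert: a senior official's display name and a
# gov.au From address, but an envelope sender and link host on an unrelated
# bulk-mail platform (placeholder domain, not a real SendGrid host).
SUSPECT_EML = """\
Return-Path: <bounces+0000@em.bulkmail-tracking.example>
From: Hon Scott Morrison MP <office@pm.gov.au>
To: recipient@example.com
Subject: Here's your download
Content-Type: text/html; charset="utf-8"

<html><body>
<h1>Invitation from the Prime Minister of Australia</h1>
<p>Your invitation letter by Hon Scott Morrison MP, is attached.</p>
<p><a href="https://click.bulkmail-tracking.example/ls/click?upn=0000">Invitation.pdf</a></p>
<p>Secretary to: The Hon Scott Morrison MP, Prime Minister, Parliament House</p>
</body></html>
"""

# Constructed control message where envelope, From and links all agree.
CONTROL_EML = """\
Return-Path: <newsletter@mail.example.org>
From: Example Org <news@example.org>
To: recipient@example.com
Subject: Monthly newsletter
Content-Type: text/html; charset="utf-8"

<html><body><p>Read this month's update on <a href="https://www.example.org/news">our site</a>.</p></body></html>
"""

# Words the checklist associates with file-download lures.
LURE_WORDS = ("download", "attached", "invitation")


class LinkExtractor(HTMLParser):
    """Collect href targets from anchor tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def domain_of(address):
    """Return the lower-cased domain of an email address header, or '' if none."""
    _, addr = parseaddr(str(address or ""))
    return addr.rpartition("@")[2].lower()


def same_org(host, sender_domain):
    """True when host is the sender domain itself or a subdomain of it."""
    host = (host or "").lower()
    return bool(sender_domain) and (host == sender_domain or host.endswith("." + sender_domain))


def triage(raw_message):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    extractor = LinkExtractor()
    extractor.feed(html)
    hosts = {urlparse(h).hostname or "" for h in extractor.hrefs}
    off_domain = sorted(h for h in hosts if not same_org(h, from_domain))

    text = (str(msg["Subject"] or "") + " " + html).lower()
    lures = [w for w in LURE_WORDS if w in text]
    envelope_mismatch = bool(envelope_domain) and not same_org(envelope_domain, from_domain)
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "envelope_mismatch": envelope_mismatch,
        "off_domain_link_hosts": off_domain,
        "lure_words": lures,
        "suspicious": envelope_mismatch or bool(off_domain),
    }


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_EML), ("control", CONTROL_EML)):
        print(label, triage(raw))
```

The check deliberately treats only envelope and link-host mismatches as grounds for a “suspicious” verdict; lure words are reported for context, since legitimate mail also talks about attachments. A production filter would add authentication results (SPF, DKIM, DMARC) and sender reputation on top of this.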
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.