The realistic-looking ‘go via’ statement email started hitting inboxes on a large scale this morning.
The domain used in the scam, firstname.lastname@example.org, was registered in China early today – less than seven hours before the fake invoice began landing in inboxes.
It’s not the first time go via, which is responsible for toll roads in Queensland, has been used in an email scam.
The company’s website offers a security warning about go via-branded email scams.
“Anyone who has received this email should delete it immediately and ensure you do not click on any links provided,” the company advises.
“Customers with any queries regarding emails from go via or their account should contact us on 13 33 31.”
Tollway invoice fraud is on the rise this year, with a similar attempt impersonating NSW Roads and Maritime Services in June.
Tell-tale signs of email scams
- Generic greetings, such as ‘Dear customer’
- A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait).
- An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
- Obscure sending addresses (for example, goviau.co – go via’s real domain is http://govianetwork.com.au/)
For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.