MailGuard has identified a new phishing campaign impersonating Linkt, targeting Australians with fake overdue toll invoices designed to harvest payment details.
This attack is effective because it looks routine. A small amount, a familiar brand, and a simple action. Pay now.
The phishing email: designed to look familiar
The scam begins with an email titled: “Your vehicle has an overdue Final Toll Invoice”
The message uses Linkt branding, including promotional imagery, and mimics the layout of a legitimate notification. It references a missed toll and prompts the recipient to act quickly. However, the email itself is actually a single large image, with one primary call-to-action: “Pay My Invoice”
This technique is used to bypass traditional scanning and guide the recipient toward a single decision.
Step 1: Fake payment portal
Clicking the link directs users to a fraudulent payment page that closely resembles Linkt’s legitimate portal.
Key elements include:
- A negative account balance
- A recommended payment amount
- Messaging such as “Account on Hold”
- A clear prompt to proceed with payment
The design is clean, familiar, and aligned with real user experiences, making it difficult to distinguish from a genuine request.
Step 2: Payment capture and processing loop
Once users proceed, they are taken through a staged payment process:
- Entry of payment details
- A “Processing your payment” screen
- A simulated delay to build legitimacy
If the transaction fails, users are prompted to try again, allowing attackers to capture multiple card attempts.
Step 3: Confirmation of stolen details
The final stage presents a confirmation screen, reinforcing the illusion of a legitimate transaction.
At this point, sensitive financial information has already been captured.
Indicators this is a phishing attack
MailGuard analysis identified several clear warning signs:
- Sender domains do not match Linkt, including:
- Info(at)paycityfiness(dot)com
- Info(at)ondemand-gmbh(dot)com
- Info(at)ondemandtrackings(dot)com
- The email relies heavily on embedded imagery rather than structured content
- The payment journey occurs on non-legitimate domains
- The process is designed to loop users through repeated payment attempts
Why this attack works
This campaign reflects a broader shift in phishing.
Attackers are no longer relying on obvious deception. Instead, they align with everyday financial workflows:
- Small, believable amounts
- Familiar brands
- Urgent but routine requests
When combined with time pressure, this increases the likelihood of action.
For businesses, the risk is significant. A single interaction can result in:
- Financial loss
- Compromised payment details
- Ongoing fraud exposure
Stay Safe, Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
