Daniel McShanag 13 October 2020 12:10:14 AEDT

iiNet phishing email scam hits inboxes

 

A phishing email scam impersonating iiNet is landing in inboxes, seeking to harvest sensitive user credentials and credit card information.

The email, with the generic subject of ‘You have an important message’, carries the iiNet logo and ‘Connect Better’ branding and comes as a notification from the ‘iiNet Billing Team’, alerting customers to a problem with payment of an invoice and with renewal.


The email includes some clumsy language and grammatical tell-tale signs, for example telling customers that ‘We were unable to automatically pay your last invoice’, and a call-to-action button asking users to ‘update your current payment’, with the button's destination somewhat obscured by the use of a URL shortener. It nonetheless carries other attributes that may lend credibility and be convincing to some recipients. Signed ‘Kind Regards, The iiNet Team’, it features the appropriate legal claims to ‘Copyright © iiNet Limited’ along with the company ACN, links at the bottom to ‘Toolbox’, ‘My Account’ and ‘edit customer preferences’, plus the iiNet phone number and a Customer ID. The forged email address includes an additional ‘u’ and reads ‘suupport[at]iinet[dot]com[dot]au’.
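The two mechanical indicators described above, the extra letter in the sender's mailbox name and the shortened call-to-action link, can be checked automatically at triage. The following Python is an added example, not MailGuard's code; the list of legitimate mailbox names, the shortener host list (including the placeholder `short.example`) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): illustrative allow-list of real mailbox
# names and a shortener list; short.example is a placeholder for the sample.
KNOWN_LOCAL_PARTS = {"support", "billing"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "short.example"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def sender_findings(from_header):
    """Flag a mailbox name that is one edit away from a known legitimate one."""
    _, addr = parseaddr(from_header)
    local = addr.rpartition("@")[0].lower()
    return [f"sender local part '{local}' resembles '{known}'"
            for known in sorted(KNOWN_LOCAL_PARTS)
            if local != known and edit_distance(local, known) == 1]

def link_findings(html):
    """Flag links that pass through a URL shortener, hiding the destination."""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', html, re.I)]
    return [f"link goes through shortener '{h}'" for h in hosts if h in SHORTENER_HOSTS]

def triage(raw):
    """Run both checks over a raw single-part message and return all findings."""
    msg = message_from_string(raw)
    return sender_findings(msg.get("From", "")) + link_findings(msg.get_payload())

# Constructed sample modelled on the article's description; the link is a placeholder.
SAMPLE = """\
From: iiNet Billing Team <suupport@iinet.com.au>
Subject: You have an important message
Content-Type: text/html

<p>We were unable to automatically pay your last invoice</p>
<a href="https://short.example/abc123">update your current payment</a>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A near-miss match on the mailbox name is a triage signal rather than a verdict, so findings like these are best used to raise a message's score alongside other checks.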

Once a user clicks beyond the email, they are presented with a credible copy of the iiNet website asking users to input their credentials on a replica of the iiNet ‘Toolbox login’ page. Users who input their email address and password are inadvertently disclosing their credentials to the cybercriminals behind the scam.


The final step of the scam asks the user to input their credit card details, including the bank or card issuer, the name on the card, the card number, expiry date and security code, after which they are presented with a page asking them to confirm their verification code.


The email comes from a mail service owned by web[dot]com and the phishing page is hosted on a compromised European website.

Users that fall victim to this scam will be vulnerable to having their iiNet account compromised, their credit card credentials used to make fraudulent purchases and their identity stolen. Their credentials are also likely to be harvested for use in future cyberattacks and sold on the dark web.

Several attributes of this scam are consistent with the phishing campaign last week that spoofed another major ISP, TPG, as reported here, leading MailGuard to conclude that it is likely the same cybercrime syndicate behind both attacks, targeting user credentials and harvesting credit card information from unsuspecting ISP customers.

While MailGuard is stopping this email scam from reaching the inboxes of its customers and partners, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open it or click the links.

Cybercriminals frequently exploit the branding of leading companies like iiNet in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. 

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
