MailGuard Editor 24 September 2015 16:23:00 AEST 2 MIN READ

Latest Email Scams Targeting Recipients Purporting To Be From Apple, MyGov and PayPal

Here are samples of some of the zero-day or fastbreak email scams purporting to be from a variety of well-known brands. 

MailGuard have identified and have successfully blocked all these zero-day phishing email threats and are protecting all our corporate clients from falling victim.

Here are screenshots of the types of emails to watch out for along with the fake phishing landing pages:

  1. Phishing email scam purporting to be from Apple asking email recipients to verify their account: 

Apple_Phishing_Email_Sample_20150924

By clicking the link to supposedly verify your account, you are actually taken to the following landing page which will phish for Apple log in credentials. 

Apple_Landing_Page_Sample_20150924


  2. Phishing email purporting to be from MyGov advising of a supposed tax return, which is not personally addressed to the recipient.

MyGov_Phishing_Email_Sample_20150924

Here is a sample of the landing page email recipients are taken to, to supposedly ‘access’ their tax return. Notice the URL is looks similar to the legitimate URL because the cyber criminals have created a subdomain to their domain which is w3lb.com.

MyGov-Landing-Page-Feature

  3. Phishing email purporting to be from PayPal advising they need to verify their account otherwise their access will be restricted.

PayPal_Phishing_Email_Sample_20150924

Sample of the landing page with a form, which when completed gives criminals access to the recipients PayPal login credentials. Notice the URL is not that of the legitimate PayPal website which is www.paypal.com.

PayPal_Landing_Page_Sample_20150924

As a precaution, we urge you to delete emails that:

  • Appear to be from a legitimate company and are not addressed to you by name or are written in poor English.
  • Require you to click a link in the email body to verify your identity. Banks are aware that cyber criminals send phishing scam emails including links to compromised websites. Your bank will always instruct you to go to their website directly, and not to log into your account via a link through an email.
  • Request personal information that the purported sender should already have access to or not require for the stated purpose of the email.

Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams. 

 


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top