Local internet service provider iiNet has been embroiled in a phishing email scam designed to harvest confidential data of users.
MailGuard intercepted the malicious emails earlier today afternoon (AEST). Using the display name of 'iiNet Billing Team', the email infiltrated inboxes without including a specific subject. It was actually sent from a single email address that was created for the purpose of tricking users.
Its body includes the iiNet logo and informs recipients that there is a ‘problem with your current payment method’. To ‘avoid a delay in your service’, recipients are directed to update their ‘current payment’ via a link.
Here is a screenshot of the email:
Unsuspecting users who click on the link are taken to a fake iiNet-branded phishing page that asks for their email and password, as per the below:
Upon ‘logging in’ users are then taken to another page titled ‘Update Processing’ that asks them to update their billing details:
After users have filled in all fields and clicked ‘update my payment details’, they’re taken to another page that asks to ‘confirm your update’ by inserting a ‘verification code’ that’s sent to their mobile. Since this step is part of the phishing scam, the form will accept any number typed in by the victim. Here is what the page looks like:
Clicking ‘submit’ then takes users to a final page titled ‘Thank You’. This page includes a fake customer receipt number:
If any user did fall victim to this scam, they are vulnerable to having their iiNet account hijacked, their credit card credentials used to make fraudulent purchases and their identity stolen.
Cybercriminals behind this scam have incorporated multiple elements to boost this email’s credibility. These include:
- use of a major brand name to inspire false trust; using ‘iiNet Billing Team’ as the display name boosts the email's credibility,
- usage of multiple security features like a verification code that are typically expected of legitimate notifications from a well-established organisation like iiNet,
- inclusion of high-quality branding elements like iiNet’s logo & branding in the phishing pages that are typically present in pages from the company and,
- an alarming body; informing recipients that their service may be ‘interrupted’ creates a sense of urgency and anxiety, motivating users to take action immediately without checking on the email’s authenticity.
Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, the user isn’t addressed directly in the email and the email address used in the ‘from’ field doesn’t contain a iiNet domain.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files, especially with an .exe file extension.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.