Popular telecommunications company Optus has once again been spoofed by cybercriminals.
MailGuard first intercepted malicious emails purporting to be from the company on Tuesday, 30th of April 2019.
Using the display name ‘Optus’, the emails arrived in the guise of Optus bill notifications for users. As you can see from the screenshot below, the body of the emails includes an account number as well as a bill amount and the date it is due. They inform recipients that there is a new account number and changes to the bill layout, including how GST is displayed.
Multiple links are provided in the email, including one to ‘view your bill now’. MailGuard understands unsuspecting recipients who click on the link are led to a suspicious website.
As you can see from the screenshot above, the emails look legitimate. Cybercriminals have used several techniques to boost the authenticity of the emails, including incorporating the branding and logo of the ‘Optus’ company. Interestingly, the email also includes several data points, such as the user’s bill amounts for previous months. This also serves to make the emails more credible, as it suggests the senders of the bill have official access to such personal data.
This is not the first time Optus has been brandjacked – a large-scale run of malicious emails purporting to be from the company was intercepted by our team about a month ago.
MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:
Tell-tale signs of email scams:
- Generic greetings, such as ‘dear customer’
- A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
- An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
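
Some of these checks can be run automatically when triaging a reported message. The Python below is an added example, not MailGuard's filtering code: it flags a brand display name sent from an unrelated domain, links that leave the brand's domain, and the greeting and urgency phrases quoted in the list. The sample message is constructed, and the brand-to-domain mapping (`optus.com.au`) and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domain the brand legitimately sends from and links to.
BRAND_DOMAINS = {"optus": "optus.com.au"}
PHRASES = (("dear customer", "generic greeting"),
           ("to avoid unnecessary fees", "urgency wording"))

# Constructed sample message; the example.net hosts are placeholders.
SAMPLE = """\
From: Optus <billing@mail.example.net>
Subject: Your Optus bill is ready
Content-Type: text/html; charset="utf-8"

<p>Dear customer, ensure your invoice is paid to avoid unnecessary fees.</p>
<a href="http://bills.example.net/view">View your bill now</a>
<a href="https://www.optus.com.au/help">Help</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # record where each link really points
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    domain = BRAND_DOMAINS.get(name.strip().lower())
    if domain:  # display name claims a known brand
        if not in_domain(addr.rpartition("@")[2], domain):
            findings.append(f"display name '{name}' but sender is {addr}")
        parser = LinkCollector()
        parser.feed(body)
        for href in parser.hrefs:
            if not in_domain(urlparse(href).hostname, domain):
                findings.append(f"link leaves {domain}: {href}")
    findings += [label for text, label in PHRASES if text in body.lower()]
    return findings
```

Calling `triage(SAMPLE)` returns four findings: the sender mismatch, the off-domain ‘view your bill now’ link, the generic greeting and the urgency wording. The link to the brand's own domain is not flagged.
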
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.