MailGuard Blog

An oddly styled Australia Post phishing scam has landed in inboxes, aiming to trick unsuspecting recipients into submitting their credit card details in order to receive a package. With a surge in online deliveries, and particularly at this time of the year as we reach peak holiday season, parcel delivery scams impersonating trusted names such as Australia Post are becoming commonplace, with expectant individuals and businesses warned to double-check any correspondence purporting to be from the popular delivery service. 

Once again, an elaborate phishing scam is the weapon of choice for cybercriminals aiming to take advantage of the weakest link in the security landscape – human beings. A recent attack has taken inspiration from history by using ‘Project Zebra’, the name given to the top-secret mission between Stalin and Roosevelt (with the aim of flying a state-of-the-art amphibious warplane) as the subject of a malicious email impersonating an employee at international engineering, design and advisory firm ‘Aurecon’. The email currently intercepted by MailGuard uses a direct interaction phishing tactic designed to entice the victim into submitting a job proposal by creating a highly personalised email from an unsuspecting Aurecon employee. It is possible that these details have either been found publicly or from a leaked database.  

The holidays are fast approaching, and with retailers and consumers getting ready for the biggest sales of the year on Black Friday (the 26th of November), cybercriminals, who have been perfecting their social engineering techniques, are also gearing up to wreak havoc.  

The holiday season is upon us, and cybercriminals are making the most of the anticipation of consumers who are eagerly awaiting orders, with parcel delivery scams that are designed to steal your credentials. MailGuard is currently intercepting multiple fraudulent phishing emails, claiming to be from Australia Post.

The verdict is in, most industry experts and business leaders agree that Government contractors should be legally accountable for not meeting cybersecurity standards. A somewhat harsh stance perhaps, or simply being cruel to be kind?

The latest phishing scam being intercepted by MailGuard is targeting Telstra customers with a hopeful, ‘Your new refund’ message aimed to lure unsuspecting victims into providing scammers with sensitive information, including login and credit card information. Cybercriminals are aware that it is nearing the end of the year and holiday season, where there is a natural tightening of finances, and have taken the opportunity to mark vulnerable customers who would be delighted with receiving a refund. As a trusted name and telecommunications service provider for over 18 million customers, there is a high chance that victims will not think twice before continuing with the scammer's request.

Microsoft Outlook users should take care when receiving an email asking them to ‘validate your account’ – this is a phishing attempt by cybercriminals to gain access to sensitive credentials, including your email login and password. With over 400 million Outlook customers using email as part of their daily tasks, it is highly likely that unsuspecting victims will fall prey to this phishing attempt, if not vigilant.  

If you are one of the 300M+ users around the globe, be alert for an email scam that is targeting users claiming that an update is required.

We would like to thank the ACCC for providing us with this valuable interview with ACCC Deputy Chair, Delia Rickard, discussing tips on how to have a conversation about scams with our networks. While her comments are primarily geared towards consumers and individuals, it’s important to note that businesses and their employees can be vulnerable too.

The facts and figures are quite clear. We only need to look at the latest news headlines to witness the upwards trend of cyber threats that are facing individuals and organisations worldwide. From local councils to major corporations and government departments, no one is immune. We see evidence of this every day – from the recent cyber-attack in Melbourne, Australia, at the City of Stonnington Council, to Accenture’s $50 million dollar ransomware threat – cybersecurity is the number one threat facing businesses today. President Biden, in his address to the CEO’s of some of the largest corporations in the world, such as Google, Apple and JP Morgan Chase, urged leaders to up their commitment to cybersecurity, “The reality is that most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone…You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do”. It’s becoming more apparent that a cyber resilient culture within businesses is imperative.

Netflix customers must remain vigilant, with a phishing email landing in inboxes, claiming that your account has been suspended. Once again, scammers have imitated the popular streaming service, in an attempt to steal sensitive credentials, including login details and credit card information to sell on the dark web and use in follow-on criminal campaigns. With millions of subscribers worldwide, it is highly likely that unsuspecting users will fall prey to this scam.

A fraudulent phishing email, designed to steal sensitive credentials including credit card details, has landed in inboxes purporting to be from Telstra.  The email alerts users that their last bill payment has been declined and that they are at risk of having their phone or internet services disrupted. As a large company with a trusted brand and millions of customers, Telstra is a popular target for threat actors hawking phishing scams of this kind. Details harvested from a scam of this nature may be used in subsequent criminal activity such as for fraudulent payments or sold on the dark web to other cybercriminal groups. Users must remain vigilant.  

A men’s lifestyle and shopping blog are among a number of businesses compromised in the latest phishing scam intercepted by MailGuard, targeting Microsoft Office 365 users. Cybercriminals warn victims that their password is expiring, and if not rectified, they threaten those users will lose access to their Office 365 account. With more than 300 million users worldwide requiring immediate access to their Microsoft 365 services for daily work purposes, it is likely that unsuspecting victims will fall prey to the scam.  

Cybersecurity threats are at an all-time high and expected to intensify as we head into a new world of work, with a greater reliance on technology. Now, more than any other time in history, businesses need to have implemented, at the very least, baseline security measures, in order to be protected. As we near the end of 2021, and as our customers start gearing up for a more cyber resilient 2022, it can only be of benefit to review baseline cyber threat mitigation strategies to ensure we’re running a tight ship. 

Careful inspecting any emails claiming to share an invoice via Microsoft SharePoint. MailGuard is currently intercepting a phishing attempt by cybercriminals purporting to share an invoice, designed to steal sensitive data, including Microsoft 365 login details, and potentially install malware on networks. With over 190 million users, across 200,000 businesses who use Microsoft SharePoint daily to share documents, there is a high likelihood unsuspecting users may fall prey to this scam.