Payload email scam spoofs several brands

Posted by Akankasha Dewan on 10 December 2018 13:04:00 AEDT

Multiple organisations have been brandjacked in several variations of a payload email scam that are hitting Australian inboxes. MailGuard intercepted the first variant of these emails on Thursday afternoon (AEST).  

Using a variety of different names and email addresses, the emails are sent using Sparkpost mail. All of them direct recipients to open attached documents containing malicious files that are designed to infect users’ computer systems.

The first email variant advises recipients that a new account statement is attached and that there is an important notice included. Here is the screenshot of the email:

Ringo - 1st screenshot

The second email variant advises the recipient that a receipt for their bill payment to the Australian Tax Office is attached, as per the below:

Ringo - 2nd screenshot

The final variant of this email scam is a RingGo receipt, an almost legitimate-looking RingGo customer email that advises recipients on different ways of making payment to RingGo. Here is the screenshot of the email:

Ringo email scam edited 3

All of these emails contain attachments in the form of a .vbs script file or a .zip archive containing a .vbs file.

While appearing in multiple variations, this email attack is not a very well-designed attack compared to some of the more sophisticated scams we see here at MailGuard.

The emails are in a plain text format and contain grammatical errors; a red flag to anyone conscious of email security concerns. For example, the subject line in the first variant of the email scam says, ‘You’ve a new account statement’.

This email scam is a good reminder of how innocent-looking, plain emails can, in fact, be malicious. As simple as they may seem, these attacks are happening all too regularly, and with devastating effect. Not only can gain access to confidential data of individual employees and firms, they can, ultimately, inflict significant financial and reputational damage on an organisation.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: cybercrime Cybersecurity email scam Phishing Malicious payload

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all