MailGuard has detected a new scam based on fake E-Toll and MyTax emails.
Emails purporting to be from Roads and Maritime Services (E-Toll) and MyTax Australia were intercepted Thursday morning (AEST). Scammers incorporated the logo and branding of both E-Toll and MyTax in the emails, in a bid to boost their legitimacy.
It was discovered both types of emails came from a single compromised domain called ‘brutalcorpse.com’.
Using a display name of ‘RMS E-Toll’, the emails imitating E-Toll appear to have come from different email addresses with varying first names.
The body of the email advises recipients that there are important changes coming to their account on 10 Nov 2018. To find out more, they should view their Account Statement, which is accessed via a link.
Unsuspecting recipients who click on the link are led to a malicious .doc file download.
This is not the first time E-Toll has been brandjacked by cybercriminals. Last month, emails purporting to be from E-Toll appeared in inboxes with the display name "NSW Roads and Maritime". These emails also led to a malicious file download.
The emails purporting to be from MyTax sent on Thursday use the display name of an individual, while the footers in the email include a reference to a ‘MyTax Australia Agent’.
This message informs recipients that as they have been notified, they ‘must’ receive a tax refund. However, due to insufficient information, the tax refund has failed to process. Users are then encouraged to save an ‘attached form’ and follow the directed steps.
The ‘attached’ form is actually a link leading to a malicious .doc file download.
Both E-Toll and MyTax are familiar names in Australia, with a significantly large number of locals having accounts with both Roads and Maritime Services and MyTax Australia. By imitating such well-known brands, cybercriminals aim to scam as many people as possible, and leverage the established reputation of these two agencies with Australian residents.
The email security experts at MailGuard recommend these steps for avoiding being tricked by a fraud email:
- Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain such as te1stra.com instead of telstra.com
- Beware of links in emails. Before you click anything, take a closer look by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
- Be alert for strange sentence structure, or phrasing uncommon to the apparent sender
- Ensure your email security is up to scratch. A cloud-based, advanced email security service like MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.