Akankasha Dewan 17 August 2020 15:48:02 AEST

Scams Awareness Week 2020: Phishing scams & identity theft

As part of this year’s Scams Awareness Week, MailGuard has partnered with the Australian Competition & Consumer Commission (ACCC) to help shine a spotlight on identity theft and scams. This year’s theme is “Be yourself. Don’t let a scammer be you.”

Today’s key message focuses on staying protected from phishing scams. Phishing scams can arrive as text messages, as emails, on the Internet and via cold calls. The ACCC warns that phishing was the most common scam involving identity theft in 2019, with 25,168 reports. There are many potential consequences of this scam, and identity theft is one of them.

“Scammers pretend to be from government departments and businesses, like the ATO, myGov, Telstra or the NBN, to gain bank account details and other information about a person that can be used to impersonate them. Once a scammer has that information, they can then use it to access individuals' bank accounts or superannuation, take out loans under their names and impersonate them on social media to try to get money from family and friends,” the ACCC stated in a media release issued today.

Phishing has been around for decades. But cybercriminals have now upped the stakes, enticed by the idea of a large-scale attempt at a quick payday. Today, they are more focused on criminal intent than simple annoyance. With email one of the most critical business applications worldwide, it isn't surprising that nine out of 10 cyber-attacks are delivered by email, and phishing email scams continue to be a serious business risk.

What are phishing emails?

A phishing email scam usually involves a fraudulent email and website that attempts to steal your information or identity for financial gain. A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page. Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.

For the most part, phishing scams are obvious and prey on the weak. Most of us are unlikely to be sucked in and reveal our personal information or our passwords. However, just as users are smartening up to phishing scams, scammers’ tricks continue to evolve. Fake phishing emails are getting more sophisticated and ‘real’, with cybercriminals using increasingly convincing, well-designed and formatted emails to impersonate well-known companies & brands - a tactic we refer to as brandjacking.

Brandjacking: Phishing emails impersonating brands we know and love

Brandjacking is when cybercrime groups hijack the trusted relationships that we all have with major brands and companies. Essentially, brandjacking is a kind of forgery. Having realised the powerful influence and impact of brands on the minds of consumers, scammers often exploit the trademarks of well-known companies to deceive their victims and gain their trust. Playing on the fact that we’re all time-poor, with full inboxes, cybercriminals are hoping we won’t think twice about clicking emails from the brands we know and love. They’re betting that in our rush to clear our unread emails, we might click on their emails and plug our credentials into a phishing page that they’ve created to mimic the real thing.

Here at MailGuard, we often intercept phishing emails impersonating popular brands like Netflix, government agencies like the Australian Taxation Office, and banking & financial institutions like ANZ. Here's an example:

[Image: netflix-email-01]

Check out our brandjackers’ hit list here.

Phishing emails exploiting the COVID-19 pandemic

Recently, there has been a surge in cybercrime as cybercriminals take advantage of the crisis to steal confidential & valuable data from users. Google reported that it is intercepting 18 million COVID-19 scams and phishing emails every single day.

Closer to home, Telstra reported that cybercriminals are targeting staff ordered to work from home amid the COVID-19 pandemic, with convincing phishing emails that even reference the victim’s workplace. In addition, the ACCC reported that phishing scams are up by 44% compared with the same time last year.

The practice of launching cyber-attacks that are centered around ongoing trends isn’t anything new. Cybercriminals have long employed these tactics to take advantage of any disruptions and vulnerabilities, in the hope that users’ uncertainties and fear around new changes will get the better of them and that they will not pause to check the legitimacy of these emails.

Here at MailGuard, we continue to intercept multiple malicious emails that similarly attempt to manipulate users suffering from the disruptions triggered by the pandemic, like this phishing email masquerading as an IT update:

The COVID-19 crisis has significantly affected the way we communicate and work, and phishing emails like these are a reminder that as we adjust to the new norms and challenges brought on by the virus, scammers, too, are fine-tuning their attacks in line with these disruptions. It's imperative that businesses educate their teams on staying protected against phishing email scams.

Global susceptibility to phishing is continuing to make the approach an attractive technique for cybercriminals, especially amid all the disruptions posed by the ongoing COVID-19 pandemic, and you can bet these attacks are only going to get worse. Last month, for example, there were multiple reports of massive phishing campaigns threatening to cause catastrophic damage to users of Office 365 worldwide.

To stay protected against phishing scams, we urge you not to click links or open any attachments within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from people and/or businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.

Remember, it is always advisable to double-check the email's credibility before handing over any confidential data. If you’re unsure, contact the person, business or agency using contact details you have found independently, for example from the organisation's website, past bill or online search. Don't use contact details in the email you have received.

We know that nine out of 10 businesses are being impacted by phishing, even when most have an email security solution in place. Don’t assume that’s as good as it gets. Explore other solutions to layer your email defences and to protect your brand, your people and your data. No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, you can use a third-party cloud email solution like MailGuard to complement Microsoft 365.

Along with technology, processes and people are also important when facing cybersecurity challenges, and aligning all three will help in mitigating any incoming cyber risks, ensuring your business is protected. You can boost your cyber defence capabilities by providing phishing awareness training to your employees so that they’re better equipped to spot the difference between a phishing email and a legitimate one.

For more information on staying protected from phishing scams, you can refer to ACCC’s guidelines here.

At MailGuard, we firmly believe that a collaborative approach can help mitigate the risks of these scams. We recommend that you report any scam that you see or hear to the relevant authorities. Let this also be a good opportunity to re-evaluate your business’ cyber readiness and take proactive measures to help your teams become more cyber resilient. If you need more support in protecting your business from email scams, feel free to reach out to us at expert@mailguard.com.au

As part of Scams Awareness Week, we will be focusing on scams related to online shopping tomorrow. Watch our blog for more updates.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
