Several MailChimp Accounts Compromised as Phishing Attack Impersonates Major Brands – Aldi, Bunnings, Amcal and Others

Posted by Daniel McShanag on 14 November 2017 00:24:39 AEDT

 

In the latest example of brandjacking, this evening we are seeing a run of phishing emails impersonating major retail brands. The criminal emails are leveraging several different compromised MailChimp accounts to bypass traditional email scanning software, and then using the power of major household name brands to entice users to click.

Despite being simple HTML emails that are emanating from the compromised MailChimp accounts, the emails are well formatted and could be easily mistaken for the real thing by unsuspecting recipients. Carrying links that redirect to a survey page, they ultimately lead users to a phishing page to steal their credentials and to deliver adware.

As you can see in the following samples, the display names are either the brands that are being impersonated, or an individual. For example, Aldi, or Bunnings Team, or Natalie Sands. The emails are also personally addressed to the recipient, by either first name, or first and last name, which adds to the integrity of the scam.

aldi-masked.png

amcal-masked.png 

bunnings-masked.png

Recipients are offered the reward of a $1,000 or $2,000 gift card if they click through to complete the survey.

aldi-survey-masked.png

We anticipate that this latest attack may yield a high click-through rate for the criminals behind the fraud, as the mechanism for the scam is simple and easily confused for representing major Australian brand names that will be very familiar to users checking their inbox in the late hours of the evening, or early tomorrow morning.

MailGuard First to Identify and Stop the Attack

At the time of detection, and indeed at the time of writing, MailGuard are unaware of any other email security services that are stopping this threat.

At MailGuard, we see criminal-intent emails like these daily. Cybercrime of this sort, where cybercriminals create a fake phishing page that looks like a well-known company is known as ‘brandjacking.’ The criminals behind these attacks use the well-known names of big companies to lull their victims into a false sense of security. These attacks have a high success rate for cybercriminals, because they leverage the trust we place in names like PayPal, Netflix and Microsoft to trick victims.

How Can I Tell if the Messages in my Inbox are Real?

Although brandjacking messages like these are often very convincing, there are a few tell-tale signs you can look for to identify a criminal-intent email:

  • Generic greetings, such as ‘Dear customer’
  • A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action
  • Obscure sending addresses that don’t match the real company’s domain URL
  • If in doubt, type the web address (URL) directly into your browser rather than clicking the link, or better still phone the company.

MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Phishing Malware email scam Cybersecurity cybercrime Survivingcybercrime cybercrime statistics hoax email brandjacking Australian brands

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all