It might sound exciting to receive an email announcing an unexpected gift, but don’t be too quick to follow its instructions – your surprise might just turn into a bit of a shock.
MailGuard has intercepted a phishing email scam purporting to be from Qantas. First detected around midday today, the 23rd of September (AEST), the email was sent using a display name ‘Qantas Store Customer Service Team’. MailGuard understands the email was actually sent from a single compromised email address. The body of the email informs recipients that their ‘Qantas Store Shopping Rewards order is now in transit’. The package will be sent by ‘AusPost Standard Post’. A link is provided to track that order.
Here is a screenshot of the email:
Unsuspecting recipients who click on the button titled ‘Track Delivery’ are led to a Qantas branded page titled ‘Frequent Flyer log in’ that asks them for their confidential details such as membership number and pin. Here is a screenshot of the page:
This is actually a phishing website on a Google Drive form page, and is designed to steal users’ Qantas Frequent Flyer credentials, likely for the purpose of committing crimes such as identity theft.
Once users have clicked on the ‘submit’ button after inserting their details, they are directed to a fake login failure page, as per the below:
The scammers inform the user that "The details do not match our records." and that 2 more attempts are left”.
Multiple techniques have been employed by cybercriminals to boost the legitimacy of both the email and the Google form. This includes the incorporation of the Qantas Frequent Flyer branding & logo in the email and also on the phishing page. The mention of an official order number as well as an AusPost carrier number further serve to provide credibility of the email as these are official elements expected to be present in a delivery notification from a well-established brand like Qantas.
Saying that however, multiple red flags exist in this scam that should alert any eagle-eyed recipients. One notable example of this is that the Qantas Frequent Flyer page is hosted on a Google Form page, instead of the official Qantas website. Spacing and grammatical issues on the email are also good indicators of its unauthenticity.
Another parcel delivery scam
Well-known companies such as Qantas and Australia Post are popular targets for scammers to impersonate because they are trusted names with large customer bases.
In this case, cybercriminals are preying on the curiosity of Qantas customers who may think a ‘order’ is on its way. This motivates them to enter personal details without hesitating.
Fake delivery email scams are a favourite of cybercriminals, particularly around busy shopping periods such as Christmas and the Boxing Day sales.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files, especially with an .exe file extension.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.