AAMI Insurance is the latest company to be brandjacked by cybercriminals in a series of email scams compromising MailChimp accounts.
Using the classic ‘Trojan horse’ trick, cybercriminals sent a scam email designed to deliver a malicious payload to inboxes on Friday afternoon.
Recipients received a short email titled ‘Insurance Documents’ from AAMI Insurance. The message body included a Claim and Receipt Number, along with a link to ‘View Receipt and Insurance Documents’.
Unsuspecting users who clicked on the link were led to a PDF hosted on MailChimp. This PDF included a link to a malicious .doc file download.
Brandjacking scams like this are successful for cybercriminals because they are exploiting the marketing of the large companies they are imitating. The more recognisable and popular the brand, the better it is as a brandjacking tool.
In this case, cybercriminals are leveraging the popularity of both the AAMI Insurance and MailChimp brands.
Brandjacking is a kind of forgery in which scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust.
In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam messages show up in victims’ inboxes, recipients feel safe opening them because they look like legitimate emails from familiar companies.
Don’t become the next victim
According to the FBI, email fraud is still the number one cyber crime.
Protect your employees by:
- Ensuring all software is updated (for web browsers, apps, operating systems)
- Driving a strong culture of cyber literacy to affect user behaviour (educate your employees about the tell-tale characteristics of a suspicious email sent with criminal intent)
- Having robust content (email and web) filtering solutions in place.
For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: email@example.com