Think before you click: Fake AAMI branded email scam infects computers

Posted by Akankasha Dewan on 08 October 2018 14:24:13 AEDT

AAMI Insurance is the latest company to be brandjacked by cybercriminals in a series of email scams compromising MailChimp accounts.

Borrowing the classic ‘Trojan horse’ trick, cybercriminals sent a payload email scam to inboxes on Friday afternoon.

Recipients received a short email titled ‘Insurance Documents’ from AAMI Insurance. The message body included a Claim and Receipt Number, along with a link to ‘View Receipt and Insurance Documents’.


Unsuspecting users who clicked on the link were led to a PDF hosted on MailChimp. This PDF included a link to a malicious .doc file download.

Brandjacking scams like this are successful for cybercriminals because they are exploiting the marketing of the large companies they are imitating. The more recognisable and popular the brand, the better it is as a brandjacking tool.

In this case, cybercriminals are leveraging the popularity of both the AAMI Insurance and MailChimp brands.


Brandjacking is a kind of forgery in which scammers exploit the trademarks of well-known companies to deceive their victims and gain their trust.

In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam messages show up in victims’ inboxes, the recipients feel safe opening them, because they look like legitimate emails from familiar companies.

Don’t become the next victim

According to the FBI, email fraud is still the number one cyber crime.

Protect your employees by:

  • Ensuring all software is updated (for web browsers, apps, operating systems)
  • Driving a strong culture of cyber literacy to affect user behaviour (educate your employees about the tell-tale characteristics of a suspicious email sent with criminal intent)
  • Having robust content (email and web) filtering solutions in place.

For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs.
