MailGuard Blog

An oddly styled Australia Post phishing scam has landed in inboxes, aiming to trick unsuspecting recipients into submitting their credit card details in order to receive a package. With a surge in online deliveries, and particularly at this time of the year as we reach peak holiday season, parcel delivery scams impersonating trusted names such as Australia Post are becoming commonplace, with expectant individuals and businesses warned to double-check any correspondence purporting to be from the popular delivery service. 

PayPal users should be watchful before opening or responding to any generic emails advising of a ‘limit’ being placed on their account, as it is most likely a devious attempt by scammers to get a hold of account and credit card information. Many of us rely on PayPal, (approximately 392 million, in fact) as a trusted way to make and receive payments, with 29 million active merchants using the service to run their online businesses, particularly in the current pandemic influenced times. This is not the first time that MailGuard has intercepted a scam spoofing the popular global payment provider, with the rise of online shopping and ease of use from various, perhaps, unsecured devices, providing a vantage point for criminals.

ANZ Banking Group customers be wary of ‘alert’ emails claiming there has been a ‘Suspicious Login’ attempt on your online banking account. Targeting over 9 million customers of the bank, the cybercriminals have crafted the phishing email to steal personal details from clients for credential harvesting, and likely for fraudulent payments. It’s not surprising that criminals have spoofed a trusted name such as ANZ.  

This new phishing attack MailGuard has detected is meant to look like a notification from St George Bank.

The message is a relatively convincing forgery with well-formatted text and a sender address with the domain “@st-george.com”

The NAB Bank's branding has been exploited by criminals in a new phishing fraud detected by MailGuard.

The email shown above appears to be a notification from the bank advising the recipient that their account “is now locked.”

The message contains several typical elements of a phishing email:

The email shown above is a new phishing attack detected by MailGuard.

The message sender has used forged American Express branding to try and convince the recipient that it’s a genuine Amex statement notification.

MailGuard has detected a new zero-day phishing scam using fake Netflix branding.

Netflix has become a favourite vehicle for email fraudsters. Their large customer base makes them a valuable target for brandjacking; cybercrime that exploits the trademarks of well-known companies to deceive victims.