MailGuard Blog

An email scam using a fake ANZ Bank login page is dropping on inboxes today.

MailGuard detected the new scam which uses sophisticated graphical elements to create the illusion of genuine ANZ branding.

As brandjacking scams go, there’s one category of trademark that is especially powerful for scammers to use: banks.

Careful what you click. Earlier today MailGuard intercepted yet another criminal intent email scam impersonating popular accounting software brand ‘Xero.’

Using Zoho as your customer relationship management (CRM) tool, subscribe to Zoho communications or use Zoho Docs? Or maybe you're just curious? Don't get sucked into the latest fast-breaking criminal intent phishing scam detected by MailGuard today.

In the latest example of brandjacking, this evening we are seeing a run of phishing emails impersonating major retail brands. The criminal emails are leveraging several different compromised MailChimp accounts to bypass traditional email scanning software, and then using the power of major household name brands to entice users to click.

In a very large scale and ongoing email scam, cybercriminals are yet again impersonating accounting firm MYOB, delivering a fraudulent DocuSign supply order to inboxes. This is the second ‘brandjacking’ in the space of the last week for MYOB, with a similar invoice scam impersonating the leading accounting software last Tuesday.

A new e-ticket infringement email scam has been landing in inboxes throughout today. Starting late in the morning AEST, the run continued for several hours with a display name ‘Anna POL #6635’ and display address of ‘strathmorecc(at)live(dot)com(dot)au’

In a cyber-attack that is still ongoing, cyber criminals are mimicking leading accounting software brand MYOB, delivering fake invoices to unsuspecting email recipients. The large-scale attack was first blocked by MailGuard early on Tuesday AEST.

Frequently targeted ASIC and CBA have again been impersonated in new email scams circulating from this morning (AEDT). These scams are particularly deceitful as they are so well-crafted, with no grammatical errors and on-brand formatting.

The ATO and MYOB, regular victims of brand-jacking by cybercriminals, have again been targeted today in large-scale email campaigns. The first ATO-branded email was detected at 8.22am AEST, and the MYOB-branded email at 8.50am AEST. MailGuard has blocked 100% of these emails, and as both attacks are ongoing, we are monitoring for variants.

Warn your teams to be careful about clicking on any strange emails when they get to their desks this morning. Starting at 6:00pm and 6:19pm respectively, two new email scam from eFax Corporate and Virgin Media, were arriving in Australian inboxes last night. MailGuard successfully blocked the scams, with the last messages ceasing at 10:02pm and 10:56pm.

The barrage of criminal intent email campaigns masquerading as popular SMB and consumer brands Telstra and Xero continues today. The very large-scale attacks were detected from 9.03am AEST September 26, and are ongoing. Whilst 100% of these emails were blocked by MailGuard, we are monitoring for variants.

Two very large phishing campaigns are landing in business inboxes this morning. First stopped by MailGuard just before 9:00AM AEST, the scams are impersonating Telstra and Brisbane eToll operator go via.

Forever popular with cybercriminals, this week has seen a series of email scams going directly for the money-jar. Leveraging major accounting software brands that are popular with the SMB segment – like MYOB, Xero and Sage – the cybercrime networks may be chasing smaller businesses who don’t have dedicated infosec or IT help to defend against scams.

Look out today for a sophisticated DVD phishing scam using a compromised MailChimp account to deliver malicious code. The email from ‘DVDs Manager’ is framed as an ’Order confirmation.’