MailGuard Blog

Once again, an elaborate phishing scam is the weapon of choice for cybercriminals aiming to take advantage of the weakest link in the security landscape – human beings. A recent attack has taken inspiration from history by using ‘Project Zebra’, the name given to the top-secret mission between Stalin and Roosevelt (with the aim of flying a state-of-the-art amphibious warplane) as the subject of a malicious email impersonating an employee at international engineering, design and advisory firm ‘Aurecon’. The email currently intercepted by MailGuard uses a direct interaction phishing tactic designed to entice the victim into accepting a job proposal by creating a highly personalised email from an unsuspecting Aurecon employee. It is possible that these details have either been found publicly or from a leaked database.  

As I write this, the threat of Ransomware is rapidly on the rise. So much so that the Australian Federal Police has formed a task force - Operation Orcus - following in the footsteps of the US Government, in an attempt to combat the specialised criminal infrastructure that is wreaking havoc across large scale organisations here and globally. High profile victims such as Nine Entertainment, JBS and Uniting Care, along with the recent Kaseya interception have been making headlines and may continue to do so without superior intelligence targeting organised crime groups.  

The latest phishing alert sees scammers impersonate the IT department of the targeted organisation in an attempt to steal email credentials and install a malicious file onto the victim’s computer.  Attackers have interestingly used a fake email address from American multi-national and shipping services company FedEx as the trusted name to lure victims into providing their details.  

A notable characteristic of this attack is the scammer's ability to use the name of your company or organisation in order to facilitate the phishing attempt. By purporting to be the victims internal IT services, the email advises the receiver that they have been ‘deactivated’ from a service (actual service not specified) by not having updated their email address. The rectification for this is via downloading the attachment that will apparently assist in updating this information. The wording and instruction in this email, if not looked at closely, attempts to mislead the victim into thinking that their online capability may be deactivated if the instructions are not followed. An easy trap for those who cannot afford to not have access to their company’s internal tech systems (which is usually the whole organisation).  

This recent email attack threatens to steal user login credentials masquerading as trusted Microsoft email web app, Outlook. With over 400 million Outlook users globally, there is a good chance that you and your organisation are at risk of data theft.  

A fraudulent quarantine alert is the bait used for a recent email phishing scam currently being intercepted by MailGuard. Cybercriminals have used Outlook branding to trick unsuspecting recipients into entering their credentials (email username and password) for use in future criminal activity.  

The email arrives as an alert informing the victim of several emails whose delivery has been prevented due to system errors. After which, a link is provided to coerce the victim into reviewing the falsely quarantined emails. Recipients may be tricked into believing that the email is from the ‘Notifications Team’ however it appears to have come from a compromised Office 365 Account.  

Dear admired friend,

It is my solemn duty to inform you of the passing of your distant relative Mr Mohammed Abacha, a respected member of the Nigerian aristocracy.

The attacks can take many names, from CEO Fraud, to Whaling and Business Email Compromise. Whichever name you choose, spear phishing attacks impersonating influential executives continue to be a big problem for businesses of all sizes.

In a new email scam breaking early Monday, the same cybercrime network behind the recent AGL attacks appear to have moved their focus to Australia Post. The email claims that a package was unable to be delivered because nobody was home, and asks recipients to click a link.

A new Dropbox phishing scam emerged last night, with cyber criminals trying to hack the recipient’s email account by harvesting credentials from a fake Dropbox form.

A new sham Apple phishing scam has emerged, which uses a range of tactics to fool users into surrendering personal information including their account and credit card details.

A new fake Citibank phishing scam using advanced techniques to manipulate users into surrendering online banking access has emerged.

A new fake Dropbox phishing scam targeting users of the online sharing and storage platform is currently in circulation.

If you’ve made the move to Office 365 as your hosted email solution, your email is likely to be filtered using its Exchange Online Protection (EOP), which works to intercept and remove malicious content before it reaches your inbox.

The features and benefits of Office 365 are undeniable, allowing business owners and employees to access email and data from anywhere in the world via the cloud.

However, organisations transferring their operations to the cloud face a number of security implications - in particular, data access and defence against cyber threats like spam and malware.

Fortunately Office 365 features a range of security benefits, shown below, which help to mitigate risk.

MailGuard have identified and successfully blocked a recent run of email phishing attacks purporting to be from PayPal targeting PayPal users.

MailGuard have identified and successfully blocked another variation of an email phishing scam currently being circulated by cyber criminals impersonating Westpac.