MailGuard Blog

A MailGuard client since February 2018, Capitol Health is a leading provider of diagnostic imaging services to the Australian healthcare market. Their objective is to build a leading healthcare business with potential for sustainable growth and profitability.  

We spoke to Brendan Revell, head of IT at Capitol Health to find out more about the company’s cybersecurity strategy and their experiences working with MailGuard.

MailGuard has detected a new email scam using fake ‘Xero’ domains in the sender addresses.

This message, shown in the screenshot above, is designed to look like an invoice notification from ‘The Advocates Property Advisory.’
The message contains a ‘view invoice’ link which if clicked, directs the scam victim to download an MS Word .doc file containing hidden malware.

A new zero-day email scam imitating Xero branding has been detected by MailGuard.

This email is supposed to look like a Xero invoice notification. The text advises the recipient that their credit card will be debited, and offers a link to view their bill.

MailGuard has intercepted a new email scam pretending to originate from CPA Australia.

The message instructs recipients to open an attached ‘invoice’; an attachment in Word .doc format.

Scammers deliver malware via macros hidden in the structure of .doc files like this.

Cybercriminals don’t take vacations; MailGuard intercepted a large-scale email scam this morning, pretending to contain a Xero branded invoice.

The criminals behind this scam are leveraging the trust users place in the Xero brand to try and get people to open a malware file attachment. 

MailGuard intercepted an email scam this morning that's meant to look like a message from ASIC; the Australian Securities and Investments Commission

New tactics to bypass traditional anti-virus defences are ever developing, but this latest run shows a series of varying aspects to each email.

MailGuard has successfully identified and blocked a highly-sophisticated spam campaign which uses Microsoft Word files to infect computers with crypto ransomware.

MailGuard have recently identified and blocked a large scale run of email spam containing Word files infected by macro malware.

We can confirm at the time of report, no major antivirus vendors were detecting these documents as containing a macro virus. Whilst macro malware scams have existed for years, we have identified a large increase in their distribution recently.

Here are screenshots of some of the unique email variations we have observed: