Double Whammy: The Latest Phishing Scam Uses your ‘IT Support’ team to Install Malware

Posted by MailGuard on 29 July 2021 13:39:42 AEST

The latest phishing alert sees scammers impersonate the IT department of the targeted organisation in an attempt to steal email credentials and install a malicious file onto the victim’s computer.  Attackers have interestingly used a fake email address from American multi-national and shipping services company FedEx as the trusted name to lure victims into providing their details.  

A notable characteristic of this attack is the scammer's ability to use the name of your company or organisation in order to facilitate the phishing attempt. By purporting to be the victims internal IT services, the email advises the receiver that they have been ‘deactivated’ from a service (actual service not specified) by not having updated their email address. The rectification for this is via downloading the attachment that will apparently assist in updating this information. The wording and instruction in this email, if not looked at closely, attempts to mislead the victim into thinking that their online capability may be deactivated if the instructions are not followed. An easy trap for those who cannot afford to not have access to their company’s internal tech systems (which is usually the whole organisation).  

Read More

E-Toll Account statements are linking to malicious downloads

Posted by Akankasha Dewan on 12 October 2018 11:19:04 AEDT

NSW Roads and Maritime Services becomes another victim of brandjacking by cybercriminals. 2 variants of hoax emails supposedly sent by the government agency arrived in inboxes yesterday.

Read More

Beware of fraudulent eTicket email scam

Posted by Daniel McShanag on 26 September 2018 16:20:09 AEST

In the biggest week of football finals, and coinciding with a surge in upcoming seasonal events, comes the latest email scam that invites recipients to ‘Download and Print Your eTickets.’

Read More

"Naffco" email carries malware link

Posted by MailGuard Editor on 28 August 2018 12:44:44 AEST

MailGuard has intercepted the email shown above, which purports to be from a company in the UAE called Naffco.

Read More

Watch out for fake “accountant” notification emails

Posted by Emmanuel Marshall on 23 August 2018 14:32:03 AEST

MailGuard has detected a new email-based cyber-attack (shown above) telling the recipient they have been sent an invoice by an accountant.

“React promptly to download the invoice,” the deceptive message advises.

Clicking on the link takes the victim of this scam to a malicious website containing a hidden malware payload.

Read More

Phoney QuickBooks email used in new fraud

Posted by Emmanuel Marshall on 22 August 2018 14:51:37 AEST

If you’ve seen this email in your inbox, best to delete it immediately. It’s a new scam using forged QuickBooks branding to try and trick people into clicking through to a malicious website.

MailGuard has detected multiple variants of this attack, using different company names and sender address domains.

Read More

Cybercrime an “urgent, evolving crisis”: US Security Chief

Posted by Emmanuel Marshall on 07 August 2018 15:23:49 AEST

The United States Department of Homeland Security (DHS) has just announced a new division specifically to handle cyber threats against critical infrastructure. The National Risk Management Center will manage cross-sector responses to cyber-threats against vital US assets like the recently exposed attacks against the US power grid.

Read More

New zero-day malware attack brandjacking NAB

Posted by Emmanuel Marshall on 06 August 2018 13:35:14 AEST

Banks are well-trusted institutions, so when cybercriminals are looking for good trademarks to use in their email attacks they often rip-off bank branding.

This new scam email uses the NAB trademark to try and persuade recipients that it is a genuine notification message from their bank. The message tells the victim that they have been sent a “SWIFT message” as a “confirmation of payment” to their account.

Read More

Quote request email is actually a malware scam

Posted by Emmanuel Marshall on 12 June 2018 11:30:19 AEST


This scam message is meant to look like a quote request and is accompanied by an attachment containing malware.

MailGuard has detected this innocuous looking message which reads “we will like to know the price and availability of the following item in attach.”

Read More

New MYOB brandjacking scam

Posted by Emmanuel Marshall on 08 June 2018 11:24:55 AEST


MailGuard has detected a new email scam attempting to deliver malware to victim’s computers.
The scam message - shown in the screenshot above - shows MYOB branding and purports to be a document notification email.

Read More

Fake infringement notice scam detected

Posted by Emmanuel Marshall on 30 May 2018 12:34:03 AEST


MailGuard has detected a new email scam that uses fake infringement notices to try and lure victims into clicking on malicious files. 
If you see a message like the one shown above in your inbox, don’t click on the “view infringement notice” link. The link actually points to an archive file which is infected with JavaScript malware.

Read More

Email scam uses fake invoices to send malware

Posted by Emmanuel Marshall on 22 May 2018 10:19:52 AEST


Watch out for this email invoice scam.

MailGuard has detected fake invoice notifications like the one in the screenshot above, being sent from a wide variety of compromised email accounts.

Read More

Bogus NSW Government "penalty notice" email is malware scam

Posted by Emmanuel Marshall on 21 May 2018 13:35:05 AEST


MailGuard has detected a new email scam attempting to deliver malware to victim’s computers.

This malicious email - see screenshot above - is designed to look like a NSW Government “penalty notice,” using a fake “revenue.nsw.gov.au” link to try and lure victims into opening a malware-infected .doc file.

Read More

Cryptojacking scams: malware sent in email can hijack your devices

Posted by Emmanuel Marshall on 18 May 2018 11:02:30 AEST


Malware is one of the most common cybercrime attack methods because it’s so profitable for cybercriminals and it can be delivered via email or compromised websites.

Ransomware and spyware have long been the most common malware types but recently, with the surges in cryptocurrency value, a new malware pandemic is appearing: cryptojacking.

Read More

New scams target Telstra customers with phishing & malware

Posted by Emmanuel Marshall on 14 May 2018 10:48:47 AEST


Threat alert: two new email scams targeting
Telstra customers are hitting inboxes. These well-designed email attacks both use fake Telstra bill notifications to trick victims into clicking on malicious links.

Read More

Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Subscribe to email updates

Recent Posts

Posts by Topic

see all