MailGuard Blog

Watch out for this email invoice scam.

MailGuard has detected fake invoice notifications like the one in the screenshot above, being sent from a wide variety of compromised email accounts.

MailGuard has detected a new email scam attempting to deliver malware to victim’s computers.

This malicious email - see screenshot above - is designed to look like a NSW Government “penalty notice,” using a fake “revenue.nsw.gov.au” link to try and lure victims into opening a malware-infected .doc file.

If you get an email message like the one in the screenshot above, claiming to be from 'Telstra Media,' don't open it or click on the links it contains.

This new scam purports to be a Telstra Media billing notice and asks the recipient to view their 'BPAY payment invoice' but the link is actually pointing to a zipped malware file.

MailGuard has detected an email scam impersonating Go Via. 

The message (see above) is designed to look like a real Go Via statement notification, with logo branding, etc.

This scam is being sent from multiple email accounts.

There’s a nasty email scam out today that’s impersonating an Australian wedding photography company; 'Corral Photography.'

MailGuard has detected a batch of scam emails that are designed to look like invoice notifications from the photographer and contain a ‘view invoice’ link which directs the victim of the scam to a file containing malware - see screenshot, above.

Major Australian telcos Vodafone, Telstra and Bigpond are having their brands exploited in a new email scam detected by MailGuard today.

This innocent looking message (see screenshot above) appears to be delivering a ‘wire transfer receipt’ as a .pdf attachment, but the attached document contains malicious code that is activated if the file is opened.

MailGuard has detected a new fake invoice scam today, ripping off MYOB branding.

This criminal-intent email attack is a typical example of the bogus notification type of scam. The message received by the victim is designed to look like a genuine invoice notification message, complete with MYOB trademark, but when the victim clicks on the ‘view invoice’ link they are delivered to a malware file instead.

Zero-day phishing attack detected by MailGuard: this phishing email is designed to look like an invoice notification message from Microsoft Dynamics.

You can see in the screenshot above, that this is not a very well designed email scam, but the use of Microsoft’s branding makes the scam more likely to fool people.

There’s a new email scam going around today with fake Westpac Bank branding.

This message links to a phishing page designed to harvest people’s bank login details and personal information.

MailGuard has detected a new email scam using fake bill notifications from Click Energy.

This message should be relatively easy to spot for the observant scam skeptic. It is very plainly formatted and doesn’t include any graphical elements such as Click’s logo.

MailGuard has detected a new email scam involving a fake Suncorp wire transfer notification.

The email subject line reads ‘the wire transfer can not be processed.’

The message goes on to inform the recipient that ‘the detailed information regarding this transfer is on the link.’

We’ve intercepted and blocked a zero-day phishing scam, in the latest brandjacking of Australian car insurance company Bingle. The simple yet well-formatted and deceptive HTML email claims to have received your car insurance application and asks for corrections.  

MailGuard has detected a new email scam today using fake AGL Energy branding.

Some effort has gone into making this malicious email convincing enough to deceive victims; the design is well executed as you can see in the screenshot above, with sophisticated text and graphical content, that makes it look a lot like a genuine AGL communication.

MailGuard has detected a Zero Day phishing scam using fake CBRE branding.

The message contains a download link purporting to be a scanned PDF document from a Xerox Multifunction Printer. This link actually goes to a website designed to harvest victim’s Microsoft login details.

If you’ve made the move to Office 365 as your hosted email solution, your email is likely to be filtered using its Exchange Online Protection (EOP), which works to intercept and remove malicious content before it reaches your inbox.