Two very large phishing campaigns are landing in business inboxes this morning. First stopped by MailGuard just before 9:00AM AEST, the scams are impersonating Telstra and Brisbane eToll operator go via.
The Telstra scam was first blocked at 8:45AM AEST, with a subject of ‘Telstra Bill – Arrival Notification,’ the email is a notification from the ‘Telstra Online Services Team’ alerting customers to the arrival of their bill and providing a malicious link to ‘View Bill.’
The email is plain text, with no Telstra branding, however it is otherwise well formatted and authentic in appearance, and the sender email could be easily mistaken for the real thing at telstraemailbill_noreply(at)telstra(dot)enterprisebusinesscenter(dot)com (altered).
Cheekily, the email also includes a note advising customers that ‘Telstra will never ask you to provide credit card, or banking details via email.’ With a further link to ‘To find out more about the measures that we are taking to protect telstra.com members from email fraud, please go to http://www(dot)telstra(dot)com/phishing’ (altered).
The sending domain ‘enterprisebusinesscenter(dot)com’ was registered yesterday with a registrar in China. The link in the email goes to a compromised SharePoint hosting a Telstra Bill.zip file with a malicious JavaScript file.
The second scam was blocked only seconds before the Telstra Bill scam and impersonates Queensland eToll operator go via. Go via were the subject of a similar scam two weeks ago, along with several other attacks earlier in the year.
The go via scam is well formatted, carrying authentic appearing branding and coming from a display name of ‘go via’ with a legitimate looking sending email address of ‘<do_not_reply(at)govia(dot)cwebu(dot)com’ (altered) advising customers that their ‘tax invoice statement is now available for download.’
As with the Telstra email bill scam, in this case the ‘cwebu(dot)com’ domain was also registered yesterday in China, and the link goes to another compromised SharePoint site with a .zip file containing a malicious ‘Monthly invoice.js’ JavaScript file.
MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
