Exactly a month ago, MailGuard shared details of an email scam purporting to be from Optus, using the domain ‘optusnet.com.au’. Now, we have detected another very similar run of scam emails that use the same domain name and employ similar techniques to trick unsuspecting recipients.
Currently ongoing, the scam emails we intercepted have been hitting inboxes fairly consistently over the last few weeks.
This latest large-scale scam email run also appears to be sent using Optusnet webmail from a large number of compromised accounts. The content of the emails is very similar to the previous run. They are all plain text emails and include a short message which direct the recipient to review / access attachments. In most cases, the attachment is a .zip archive containing a malicious VBS file designed to infect computer systems.
The emails employ varying subjects. Here are a few examples:
- Notification # 78
- RFS Slip Trip Field Base Report
- Base Report
- Complaint 029
- RFS Slip
- Summons in Court
- Notice # 991
- pension information
- Requsted documents
- Insurance documents
- Financial Stat....
- Draft Financial Stat....
- INCORPORATION DOCUMENTS
- Financial Statements
- Draft Financial Statements
- RE:Financial Stat....
- Incorporation Documents
Here are several screenshots of the emails MailGuard has intercepted:
The plain-text nature of these emails, along with how consistently they are being sent are a good reminder of how easy it is for cybercriminals to create and proliferate scam emails. With a small amount of technical knowledge and minimal investment of time and money, the attackers can develop a large-scale campaign with a high degree of confidence.
MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:
Tell-tale signs of email scams
- Do not address recipients directly (e.g. “Dear customer”)
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics
- An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
- Obscure sending addresses (for example, Hotmail, gmail, Yahoo addresses should set alarms bells ringing)
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.