This morning MailGuard has intercepted a large volume email scam. The messages are fake invoice reminders, using the brand ‘Xero’ to try and inspire trust. The email contains a link which pretends to point at an invoice but actually goes to a zipped JavaScript file containing trojan malware - see screenshot below:
Trojans are designed to covertly install harmful programs like ransomware and viruses on victim’s computers. In an office environment, trojan attacks can lead to widespread damage, not only to the machines directly affected but also to other computers connected to them on the network.
The format of this criminal-intent email is quite simple. There are no graphics in the email design, so in this case the cybercriminals behind the attack are relying on the Xero name to trick their victims.
Although the sender address appears to be ‘Xero’ the actual address domain - xerostatic[dot]com - is not a real Xero URL. It was registered recently, probably for the purpose of executing this scam.
MailGuard was successful in preventing these emails from getting to our client’s inboxes, but this is a very large-scale attack, so many email accounts without MailGuard protection will be affected.
Brandjacking: a Growing Problem
According to the ACCC ScamWatch website, the cost of cybercrime in Australia looks set to top $90 million in 2017. About 90% of cybercrime incidents are instigated via email, and the scams mutate and evolve over time as cybercriminals discover new ways to deceive their victims.
In recent months, MailGuard has seen a large volume of brandjacking scams. Brandjacking scams are ones which exploit trusted brand names to gain victim’s confidence. Brandjacking leverages the marketing and publicity that big companies invest in. The better known and well trusted a company is, the more useful their name is to scammers as a tool of deception.
Xero, the popular online accounting software, is a well known and trusted company so this is not the first time they have been brandjacked.
MailGuard CEO and Founder Craig McDonald recently wrote an article about the psychology behind brandjacking and why it is such a growing problem:
“This approach has a high success rate for cybercriminals. Why? Because it taps into our subconscious. Marketers have known for years how to leverage our subconscious to make us spend; 90% of all purchasing decisions are made subconsciously... Our happy subconscious clicking - the trust that we place in brands - is putting us all at risk…”
Read the rest of Craig McDonald’s article, here.
Think Twice Before Clicking
There are some simple ways to reduce the risk of being tricked by a brandjacking email:
- Watch out for emails that ask you to open or download files, especially if they are in .zip, .exe or .js format.
- Spelling or grammatical mistakes in emails are often indications of a scam.
- Never click on links in messages from unfamiliar senders.
- If you’re unsure about a message’s legitimacy, phone the company directly and ask about it.
One Click Can be Devastating
Doing business online opens up opportunities for collaboration on an unprecedented level, but with that opportunity comes significant risk. All criminals need to break into your business is a cleverly worded email; if they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
