Scamwatch round-up – AGL, Netflix and Suncorp brands hijacked

Zero-day phishing scams designed to steal credit card information from recipients intercepted

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, Suncorp, CBRE, CPA Australia, AGL and Netflix have all had their brands appropriated by scammers in separate email scams.

A fake Suncorp email was picked up by email filtering company MailGuard and was being sent out in "large numbers" on 8 January, as previously reported.

On the same day, 8 January, a zero-day phishing scam using the name of commercial real estate firm CBRE, designed to harvest recipients' Microsoft login details, was also doing the rounds.

Screenshot (MailGuard)

Accounting firm, CPA Australia, also had its brand used in a fake CPA invoice email picked up by MailGuard on 8 January.

In this attack, the messages were being sent from ‘cpaaustraliaa[dot]com’ and recipients were asked to open an attached .doc file.

"Scammers deliver malware via macros hidden in the structure of .doc files like this," MailGuard explained in a blog post. "The macro will operate in the background when the recipient opens the .doc file, activating a trojan or similar malware that is designed to hijack the victim’s computer."

Screenshot (MailGuard)

On Tuesday, 9 January, MailGuard detected a new scam using AGL Energy's brand.

In this instance, cyber criminals have put a lot of effort into making this look like a genuine AGL email.

The domain of the sender address being used (aglenergyonline[dot]com) was registered in China two days before the attack, according to MailGuard.

The "disconnection notice" email included large sums of money owed and threats of fines for late payments. The message was designed to lead recipients to click on the "download your bill" link, which pointed to a JavaScript malware dropper in a compromised SharePoint folder.

Screenshot (MailGuard)

On 10 January, a new zero-day phishing scam using streaming giant Netflix's brand was picked up by MailGuard.

The ‘update payment’ button contained in the body of the emails links to a phishing website purporting to be a Netflix page.

This phishing scam is designed to get access to recipients’ credit card details. After entering their personal information, recipients are then presented with a real Netflix page to avoid suspicion.

In late 2017, an attack using Netflix's brand lasted for days, hitting Australians' inboxes. The email told recipients their billing information needed to be updated and they must “restart membership”.

Screenshot (MailGuard)
