ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.
This week, a phishing email was sent to Australians' inboxes purporting to be from cloud storage company, Dropbox.
The scam was picked up by email filtering company, MailGuard, on 5 March. It aimed at getting recipients' login credentials.
The message within the email asked recipients to click on a link in order to view documents received. Usually, these types of scams lead the recipients to a fake login page where they collect the details.
After acquiring the details, cyber criminals use the accounts to store malicious files or sell the stolen credentials so others can access personal files and steal their identity in order to commit fraud, MailGuard wrote in its blog.
On 6 March, a malware scam was identified where cyber criminals hid behind South Australia-based sanitation services company, Enviro Sweep.
According to MailGuard, the 'Tax invoice' email contains a PDF file attached within which is a link to a malware file.
The message was sent from ‘gtaylor@envirosweep.com.au’, which MailGuard believes to be a real Enviro Sweep address.
The next Australian business to have its brand hijacked was MYOB. On 7 March, fake invoices were sent purporting to be from the accounting software firm.
According to MailGuard, the view invoice link within the message actually took recipients to a malware file instead.
The company believes that the sender addresses are likely to be real accounts which would have been compromised.
The next scam took place on 8 March, and it hid behind the brands of Australia's largest telecommunications providers, including Vodafone, Telstra and Bigpond. The scam email used simple formatting in order to deliver a fake wire transfer receipt.
The PDF attachment carried malicious code that was activated if the file is opened, MailGuard wrote.
On the same day, a new scam was sent, this time purporting to be a Quickbooks invoice notification. In this instance, a 'View invoice' link took recipients to an archived file containing malware.
"Once the victim’s computer is infected with malware it may be used by cyber criminals in a number of ways: to mount botnet attacks, run ransomware, spy on computer networks or launch further email scams," MailGuard wrote.
MailGuard also said that this attack is very similar to previous fake emails using Quickbooks' brand.
"The fact that this scam is so superficially similar to other Quickbooks brandjacking attacks MailGuard has seen, could indicate that the scams have been released by the same criminals, but because there are significant differences in the way the scams work, that is not necessarily the case.
"The criminals who launched these attacks could be using package deal scam-ware bought from malware-as-a-service (MaaS) vendors on the dark web," MailGuard added.
