ARN

Scamwatch round-up – Docusign, Origin Energy and Netflix

Brand-jacking still a popular way of online scams

ARN provides a weekly wrap of the phishing scams, malware attacks and security breaches impacting organisations across Australia.

This week, Docusign, Origin Energy and Netflix were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients.

A scam impersonating a Docusign notification message was picked up by email filtering company, Mailguard, on 26 March.

The message contained a link to review documents, which according to Mailguard might download a file containing a virus or harvest their personal data.

At the time, the security company had not identified exactly what the link did but it said that JavaScript malicious software is commonly used on these types of scam. Mailguard said it was intercepting large volumes of those messages.

On 27 March, Mailguard detected another scam, this time purporting to be from Origin Energy.

The message was designed to look like an electricity bill and contained a view link button with Mailguard suspecting it to be a downloadable virus.

The cyber criminals went through the trouble of registering at least four different domains from where the emails were sent: no-reply@ energyaustralia.info; no-reply@ energycompany.info; no-reply@ energyland.net; no-reply@ energy-system.net.

The week was wrapped up by a new fake Netflix email scam designed to convince recipients that their membership is being cancelled.

The message tells recipients they have failed to validate their payment and ask them to log into their Netflix accounts to verify billing and payment details.

In November 2017, the streaming giant had its brand used in a malicious round of emails hitting Australian inboxes. The attack continued throughout the week, with even the Queensland Police issuing a scam alert.

Early in the year, Netflix brand was used again in a phishing scam. The update payment button contained in the body of the emails linked to a phishing website purporting to be a Netflix page. That scam had been designed to get access to the recipients’ credit card details. 

The Northern Territory Government (NTG) warned suppliers of an email scam impersonating NTG email accounts early this week.According to an alert posted on the NTG's website, the email contains a link to download a document designed to look like a contract approval.

The NTG told recipients to not click or save the attachment as it could download malware into one's computer and to delete the email.

Even Aussie celebrities were not free from online crime targeting this week. The actor Hugh Jackman went on his social media channels on 25 March to warn followers that someone purporting to be him was contacting followers.

He did not post any details of the type of scam but did alert people to not "respond, give money or your personal information".

The actor also said he was working to stop this from happening.