This post first appeared on LinkedIn, published by Dan Weis, Head of Security and Lead Penetration Tester, Kiandra IT
We have been following a rapid series of phishing emails in which Telstra, the ATO, GoVia and ASIC have been impersonated by cyber-criminals. Please be aware of them and be cautious when opening emails you are not sure of or were not expecting. If it seems too good to be true, it probably is!
Telstra Bill Scam
The Telstra bill scam, ‘Telstra Bill – Arrival Notification’, originates from the address email@example.com
The current Telstra bill scam links to a compromised SharePoint site hosting a .ZIP file with a malicious JS file. The sending domain was registered yesterday in China. Its purpose is to steal credentials.
ATO Penalty Notice
Another new ATO scam appeared overnight with the subject ‘ATO Penalty Notice’. The display name is the Australian Taxation Office, and it links to a .ZIP file containing a .jar file.
GoVia eToll (QLD Specific)
Look out for a GoVia eToll email scam. It’s well formatted and it claims ‘Your go via tax invoice is now available for download.’ Details to follow.
The GoVia email scam display name is firstname.lastname@example.org and links to a compromised SharePoint site hosting a malicious JS file.
ASIC Messaging Service
I received this one just this morning. It is well formatted and uses the usual look-alike domain name trick.
It claims to be from ASIC and requests a business name renewal. It redirects you to this address: http://eoaclk.com/iy3vCi2sdb/[emailaddress]. The domain is hosted in AWS.
We strongly recommend that you take this opportunity to remind staff to always be vigilant when opening emails — whether opening attachments or clicking links. Staff should carefully review all links and sender details, look for the grammatical errors that typically appear in hoax emails, and, again, exercise extreme caution when opening attachments.
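The indicators described in the campaigns above (a brand name in the display name sitting on an unrelated sending domain, archives carrying .js or .jar files, and links that lead away from the brand's own domain) can be checked mechanically at the mail gateway or in a SOC triage script. The following is an added example, not code from the original post or from Kiandra IT; the brand-to-domain allowlist, the sample message, its sender address and its SharePoint-style URL are all constructed assumptions for illustration.

```python
"""Phishing triage for the indicators the post describes: brand impersonation in the
From display name, archives that carry script payloads, and off-brand links.
Added example; the allowlist and sample message below are constructed assumptions."""
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of sending/link domains per impersonated brand. These values are
# assumptions for the example; build your own from mail logs and DMARC reports.
BRAND_DOMAINS = {
    "telstra": {"telstra.com.au", "telstra.com"},
    "australian taxation office": {"ato.gov.au"},
    "ato": {"ato.gov.au"},
    "go via": {"govia.com.au"},
    "govia": {"govia.com.au"},
    "asic": {"asic.gov.au"},
}
# Attachment types that should never arrive as a "bill" or "invoice".
SCRIPT_EXTS = (".js", ".jse", ".jar", ".vbs", ".wsf", ".hta", ".exe", ".scr")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brands_mentioned(text: str) -> list:
    """Brand keywords that appear as whole words in the given text."""
    t = text.lower()
    return [b for b in BRAND_DOMAINS if re.search(r"\b" + re.escape(b) + r"\b", t)]


def host_allowed(host: str, brands: list) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for b in brands for d in BRAND_DOMAINS[b])


def check_sender(msg) -> list:
    """Display name claims a brand, but the envelope domain is not one of its domains."""
    name, addr = parseaddr(msg.get("From", ""))
    brands = brands_mentioned(name)
    if brands and not host_allowed(domain_of(addr), brands):
        return [f"display name '{name}' impersonates {brands[0]} but sender domain is {domain_of(addr)}"]
    return []


def check_attachments(msg) -> list:
    """Flag script/executable attachments, and look inside zip archives for the same."""
    findings = []
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if fname.endswith(SCRIPT_EXTS):
            findings.append(f"script/executable attachment: {fname}")
        elif fname.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(SCRIPT_EXTS):
                            findings.append(f"archive {fname} contains {member}")
            except zipfile.BadZipFile:
                findings.append(f"attachment {fname} is not a valid zip")
    return findings


def check_links(msg) -> list:
    """Links in a brand-themed message that do not point at that brand's domains."""
    findings = []
    name, _ = parseaddr(msg.get("From", ""))
    brands = brands_mentioned(name + " " + msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlparse(url).hostname or ""
            if brands and not host_allowed(host, brands):
                findings.append(f"link to off-brand host {host}: {url}")
    return findings


def triage(raw: bytes) -> list:
    msg = message_from_bytes(raw, policy=policy.default)
    return check_sender(msg) + check_attachments(msg) + check_links(msg)


def sample_message() -> bytes:
    """Constructed sample modelled on the Telstra lure: brand display name on an unrelated
    domain, a link to a third-party file share, and a zip carrying a .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Telstra_Bill_12345.js", "// constructed placeholder, not a real payload\n")
    msg = EmailMessage()
    msg["From"] = "Telstra <billing@telstra-billing-notice.example>"  # constructed
    msg["To"] = "staff@corp.example"
    msg["Subject"] = "Telstra Bill - Arrival Notification"
    msg.set_content("Your bill is ready: https://contoso-tenant.sharepoint.example/s/bill.zip\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Telstra_Bill.zip")
    return bytes(msg)


if __name__ == "__main__":
    for finding in triage(sample_message()):
        print("FLAG:", finding)
```

Each check is independent, so a gateway rule can weight them separately: the sender mismatch and the archived script are strong signals on their own, while an off-brand link is weaker (legitimate senders do use third-party hosting) and is best combined with the others or with domain-age data before blocking.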
Bottom line — stay vigilant and if in doubt, throw it out!