New Australian Phishing Scams

We have been following a series of fast-breaking phishing emails in which cyber-criminals impersonate Optus, Netflix, Microsoft and Invoice2go.

Please be aware of them and be cautious when opening emails you are unsure of or not expecting. If it seems too good to be true, it probably is!

Optus Phishing Emails

MailGuard is warning about a continuing stream of malicious Optus emails infiltrating inboxes. The scam appears in several different variations, all using the domain ‘optusnet.com.au’. All variations are designed to achieve the same goal: tricking the recipient into running a malicious file – example below.

One of the tell-tale signs of this email scam is that it does not address recipients directly (e.g. “Dear Customer”). Also, with any instruction to click a link to perform an action, hover over it first to see where you’re really being directed.

[Image: optus.jpg]

Netflix scam campaigns

This is not the first Netflix-based scam MailGuard has seen recently. Netflix is a well-trusted company with a huge customer database, so its branding makes a good lure for cybercriminals looking to deceive.

Despite mimicking the company's logo and branding, the emails do contain some red flags that point to their illegitimacy. Bad grammar, misuse of punctuation and poor-quality or distorted graphics are high on the list.

[Image: netflix.jpg]

Invoice2Go scam

A new email scam impersonating the popular invoicing app, Invoice2Go, is hitting Australian inboxes. The email advises the recipient that their ‘invoice has not been opened yet’ and includes a link to view the invoice. Don’t click the link.

[Image: Invoice2Go.jpg]

More Xero scam campaigns

Popular cloud accounting company Xero has once again been spoofed in an email scam, with cybercriminals sending users hoax invoice notifications purporting to be from the company. Eagle-eyed recipients will notice that real Xero invoices commonly use a PDF attachment rather than a link to an external website.

Another easy way to check potentially suspicious emails is to hover your mouse over the sender’s address. This will reveal more about the real sending domain.

In this particular scam, cybercriminals have tried to make the email look as legitimate as possible by including a note at the end warning users about the increasing frequency of fake invoice emails purporting to be from Xero. Reverse psychology?

[Image: xero.jpg]

Always be vigilant when opening emails — whether opening attachments or clicking links. Carefully review all links and sender details, look for the grammatical errors that typically occur in hoax emails, and again exercise extreme caution when opening attachments.

Bottom line — stay vigilant and if in doubt, throw it out! Get in touch with our team to learn how the experts at Kiandra IT can ensure that you're safe.