Cybercriminals have been out in force this week, targeting Australian inboxes with fake emails purporting to be from Energy Australia and Telstra.
In these attacks, scammers sent out tens of thousands of authentic-looking but fake emails, designed to look like bill notices from these service providers.
The criminals behind the scam emails went as far as obtaining fake domain names, energyau[dot]com and telstraq[dot]com, to make the emails look more convincing.
More simply, clicking on the links in these fake emails will install a virus that allows cybercriminals to damage or disable your computer, or access your personal information.
In a separate phishing attack on Tuesday, emails with CommBank branding were sent to try to trick millions of bank customers into giving up their credit card details via a bogus sign-in page.
Financial phishing schemes, which target online payment systems, banks and retailers, now account for nearly half (49.77%) of all phishing attacks, up from 34.33% in 2015, security company Kaspersky Lab said in an ITWire article.
Kaspersky Lab reported this year that China, Australia and Brazil were particularly at risk, with up to 28% of users targeted.
The nature of financial phishing attacks is changing too, according to Kaspersky.
“The use of smartphones for online banking, payment and shopping has doubled in a year, and mobile users will have less time to think and check each action, particularly if they are out and about,” the company said.
Many of Australia’s service providers have been the subject of phishing or fake email scams, and offer advice on their websites about how to detect dodgy emails.
Telstra’s support page notes that hoax emails may:
The general rule of thumb when opening any email you receive is to beware of what you click. Don’t click links or reply, don’t provide any personal information and be very wary about opening attachments.
If an email looks dodgy, you can also report it as a scam to the ACCC’s Scamwatch website.