Scam alert – beware of fake emails from these companies

A new wave of scam emails hits Australian inboxes. Source: Pixabay

Cybercriminals have been out in force this week, targeting Australian inboxes with fake emails purporting to be from Energy Australia and Telstra.

In these attacks, scammers sent out tens of thousands of authentic-looking but fake emails, designed to look like bill notices from these service providers.

Fake Telstra bill notification emails landing in inboxes around Australia. Source: MailGuard

The criminals behind the scam emails went as far as obtaining fake domain names, energyau[dot]com and telstraq[dot]com, to make the emails look more convincing.

According to MailGuard, a web security firm whose anti-virus software detected the attacks, “If a recipient clicks on the link in the ‘bill’ email they will be directed to a compromised SharePoint site where they will be invited to download a .zip folder. The zip folder contains a malicious JavaScript file that acts as an agent to automatically download malware to the victim’s computer.”

More simply, clicking on the links in these fake emails will install a virus that allows cybercriminals to damage or disable your computer, or access your personal information.

In a separate phishing attack on Tuesday, emails with CommBank branding were sent to try to trick millions of bank customers into giving up their credit card details via a bogus sign-in page.

Financial phishing schemes, which target online payment systems, banks and retailers, now account for nearly half (49.77%) of all phishing attacks, up from 34.33% in 2015, security company Kaspersky Lab said in an ITWire article.

Kaspersky Lab reported this year that China, Australia and Brazil were particularly at risk, with up to 28% of users targeted.

The nature of financial phishing attacks is changing too, according to Kaspersky.

“The use of smartphones for online banking, payment and shopping has doubled in a year, and mobile users will have less time to think and check each action, particularly if they are out and about,” the company said.

How to detect fake emails

Many of Australia’s service providers have been the subject of phishing or fake email scams, and offer advice on their websites about how to detect dodgy emails.

Telstra’s support page notes that hoax emails may:

  • Be unaddressed, or addressed generically to Dear Customer
  • Be badly written with broken sentences, spelling mistakes and grammatical errors
  • Show a sender address that is very close to the real company’s address
  • Display a suspicious-looking URL when you hover over links or buttons you’re asked to click
  • Contain an unexpected zip file or other attachment
  • Ask for your credit card, account details or personal information
  • Display account information that doesn’t match your real details
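
For mail administrators, the "sender address that is very close to the real company’s address" sign can be checked automatically. The following is an added example, not code from Telstra, MailGuard or this article; the genuine-domain allow-list and the thresholds are assumptions. It flags both one-character variants (telstraq) and truncated brand names (energyau), which a plain edit-distance check alone would miss.

```python
from email.utils import parseaddr

# Assumed allow-list (not from the article): brand label -> genuine sender domains.
BRANDS = {
    "telstra": {"telstra.com", "telstra.com.au"},
    "energyaustralia": {"energyaustralia.com.au"},
}
# Two-part suffixes this sketch understands; production code would use the Public Suffix List.
TWO_PART_SUFFIXES = {"com.au", "net.au", "org.au"}

def registrable(domain):
    """Return (label, registrable domain), e.g. 'mail.telstra.com' -> ('telstra', 'telstra.com')."""
    parts = domain.lower().strip(".").split(".")
    keep = 3 if ".".join(parts[-2:]) in TWO_PART_SUFFIXES else 2
    parts = parts[-keep:]
    return parts[0], ".".join(parts)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, brand): verdict is 'legitimate', 'lookalike' or 'unrelated'."""
    # Accept defanged addresses such as bill@telstraq[dot]com.
    addr = parseaddr(from_header.replace("[dot]", "."))[1]
    if "@" not in addr:
        return ("unrelated", None)
    label, reg = registrable(addr.rpartition("@")[2])
    for brand, genuine in BRANDS.items():
        if reg in genuine:
            return ("legitimate", brand)
    for brand in BRANDS:
        near = edit_distance(label, brand) <= 2  # one or two characters off
        # Truncated or padded brand name; the length floor avoids trivial matches.
        padded = len(label) >= 6 and (brand.startswith(label) or brand in label)
        if near or padded:
            return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed From headers; the two lookalike domains are the ones named in the article.
    for hdr in ("Telstra <bill@telstraq[dot]com>", "noreply@energyau[dot]com",
                "billing@online.telstra.com", "friend@example.org"):
        print(hdr, "->", classify_sender(hdr))
```

The check looks only at the registrable domain, so a brand name placed in a subdomain of an unrelated domain is reported as unrelated and needs a separate rule.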

The general rule of thumb when opening any email you receive is to beware of what you click. Don’t click links or reply, don’t provide any personal information and be very wary about opening attachments.

If an email looks dodgy, you can also report it as a scam to the ACCC’s Scamwatch website.

Did you receive one of these emails this week? Have you ever fallen victim to an email scam?
