As the end of financial year sales begin to emerge, so too do the phishing emails.
This month, users need to be on the lookout for a phishing email leading to fake Australia Post accounts, a scam email pretending to be a DHL “delivery attempt” notification and a phishing email with Microsoft and Adobe Spark branding.
We’ve written about Australia Post and DHL scams before, as they seem to pop up a few times a year in different forms, so they must be effective.
Australia Post Email Scam
There is currently a new phishing scam that looks to be a delivery alert that leads users to fraudulent pages with Australia Post branding.
The email uses a display name of “parcelmonitor”, but the address it is sent from does not use the parcelmonitor domain; it is sent from a compromised website.
According to MailGuard, the email body informs recipients their package is ‘stopped’ because ‘$1 shipping cost have not been paid’. It warns recipients that they are being reminded to pay their ‘pending shipping cost’ for the last time, adding that the delivery will be cancelled if the amount is not paid within 48 hours. A link is provided for them to schedule their delivery.
Users who click on the link are led through an automatic redirect, then to another page asking for their delivery preferences, such as time of delivery and shipping address. These pages are illegally using Australia Post’s branding.
All of the pages look legitimate, with the correct Australia Post branding and logo. However, the domain used in the URLs of the pages doesn’t belong to Australia Post, which is a big red flag that they aren’t legitimate. Always check the URL of any links you are sent.
After the preferred delivery option has been selected, the unsuspecting user is then taken to another page asking for some personal details (name, email address, phone number and of course password).
Once the user has got this far and entered their details, they have given away a lot of sensitive information, and probably an email address and password combination used in many places. The scammers aren’t done trying their luck yet, however: the user is then sent to one of a few different pages, hosted on different domain names not related to Australia Post, asking for credit card details. If the user does enter valid credit card details, they can expect some illegitimate activity on their credit card in the coming days.
DHL Delivery Attempt
MailGuard has intercepted another phishing scam disguised as a DHL delivery alert. One of the first giveaways is the domain in the “from” address, which doesn’t match an authentic DHL email address.
MailGuard notes the email body uses branding from DHL including its logo. In the email, it says ‘the delivery attempt failed because nobody was present at the shipping address’, warning that if the delivery is not rescheduled or picked up within 72 hours, it will be returned to the sender.
Those who click the link will be sent to a fraudulent website asking for an email address and password to open an Adobe PDF. This is a legitimate-looking phishing page using Adobe’s branding and logo to harvest the user’s email address and password. The website is a compromised website hosted on Namecheap.
Once users have entered their email address and password, they are redirected to a webpage associated with the email address; so if you had a Gmail email address, you would be redirected to Google.
Phishing email using Microsoft and Adobe Spark branding
Another phishing email intercepted by MailGuard invites recipients to “submit a proposal in accordance with an RFP package”.
Although this email looks like it has been sent by a legitimate site, it actually originates from a compromised email account. The email explains that ‘due to the size of some of the electronic RFP documents’, they have been uploaded onto ‘SharePoint’.
The email would usually come from a contact of the recipient, as the contact’s email account has been compromised and the email sent to all users in its contact list. The trusting recipients of the email who click on the link are taken to a page in order to “View Proposal”. The webpage has the Adobe Spark logo and branding.
If the user clicks on the “View Proposal” button, they will be taken to a web page which looks like a Microsoft 365 login page; however, it is using a URL which doesn’t belong to Microsoft. This is actually a phishing website. Upon entering the email address and password, the web page will say the password is incorrect.
At this point the user has given away their email address and password. Any subsequent password attempts would also be logged, giving away other passwords which they potentially use. The scammers now have this email and password combination, which they can use at many websites, but they will also likely send out the same email from the user’s email address to their address book.
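The two checks these three scams keep failing (a display name that claims a brand the sending domain doesn’t match, and links to hosts the brand doesn’t own) can be automated. The following is an added example, not code from MailGuard or this blog; the brand-to-domain list is an assumption and the sample emails are constructed with reserved example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list (not from the article): brand keyword -> domains it really uses.
BRAND_DOMAINS = {
    "parcelmonitor": {"parcelmonitor.com"},
    "australia post": {"auspost.com.au"},
    "dhl": {"dhl.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "office.com"},
}

def in_domains(host, domains):
    """True only for an exact match or a real subdomain of an allowed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(raw):
    """Return (kind, host) findings for a raw single-part text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    brands = [b for b in BRAND_DOMAINS if b in text]
    findings = []
    # Display name claims a brand, but the sending address is on another domain.
    for b in brands:
        if b in display.lower() and not in_domains(sender_host, BRAND_DOMAINS[b]):
            findings.append(("sender", sender_host))
    # The message invokes a brand, but a link points at a host the brand does not own.
    allowed = set().union(*(BRAND_DOMAINS[b] for b in brands))
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if brands and not in_domains(host, allowed):
            findings.append(("link", host))
    return findings

# Constructed samples, modelled on the three emails described above.
PARCEL = ("From: parcelmonitor <notify@compromised-site.example>\nSubject: Package stopped\n\n"
          "Australia Post: pay shipping at http://auspost.com.au.track.example.net/pay\n")
CONTACT = ("From: Known Contact <contact@partner.example>\nSubject: RFP package\n\n"
           "Sign in with Microsoft 365 to view: https://login.example.org/view-proposal\n")
LEGIT = "From: DHL <noreply@dhl.com>\nSubject: Delivery\n\nTrack: https://www.dhl.com/track\n"

if __name__ == "__main__":
    for name, raw in (("parcel", PARCEL), ("contact", CONTACT), ("legit", LEGIT)):
        print(name, check_email(raw))
```

The CONTACT sample shows why the sender check alone is not enough: mail from a compromised contact passes it, and only the link check flags the fake login page. The suffix match also catches look-alike hosts that merely begin with a real domain.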
Take Home Message
Well-known postal delivery companies such as DHL, FedEx and Australia Post are popular brands for email scams, because they are trusted names with large customer bases.
The timing of these emails is no coincidence, taking advantage of the EOFY sales as many users will be searching for bargains online. The scammers are aware that many people will be expecting a delivery around this time so an email notification from a shipping delivery company regarding a delivery isn’t out of the ordinary and won’t immediately ring any alarm bells. The cybercriminals are preying on the curiosity of DHL and Australia Post customers who may be expecting a package and they are likely to enter their personal details without thinking twice.
Email scams, or phishing, come in various forms: telling someone they’ve won money, that their account has been hacked, or prompting a change in password.
If you’ve received an email from a sender that doesn’t seem familiar or a contact has sent you an email with information that doesn’t seem quite right, please flag it with us and we will review it for you.
Every month we will be sharing the latest in email scams courtesy of MailGuard.
To get a more comprehensive understanding of how to spot a scam, please refer to one of our previous blogs:
Using mail protection software is a great way to control email and reduce the chance of receiving such scams.
If you are interested in using MailGuard to add an extra layer of security to your email and reduce your risk of being the next victim of a phishing scam, reach out to us today at [email protected] or call us on 1300 770 035.