Scammers impersonating LinkedIn, Telstra and XERO
Scammers impersonate reputable brands to steal your data:
Cyber-criminals are impersonating LinkedIn, Telstra and Xero. Scammers purposefully impersonate reputable brands because they have large customer bases. The larger the brand, the greater the chance that potential victims have used its services.
Are you using a mail filtering solution, such as itro Mail Scan?
- Yes – great, any emails with the potential to harm your business are blocked from reaching inboxes
- No – you are not protected, and malicious emails are entering your inbox. Staff may unknowingly click a malicious link, allowing a cyber criminal access to your network. Once cyber criminals have access to your network, they will generally hold your data to ransom, demanding large amounts of money
1. LinkedIn – Fake Invitation Request
If you are a LinkedIn user, the below email will look pretty familiar to you. Personally, I know I receive these emails almost daily, reminding me to check any outstanding LinkedIn invitations I have. So receiving this sort of email would not ring any alarm bells.
Searching LinkedIn reveals that “Professor Barry James Marshall” does not exist and is a bogus account. Many users will unsuspectingly click ‘Accept’, which leads to the below page:
The page is well designed, which lends it legitimacy. The purpose of this phishing email is to hijack the victim’s LinkedIn username and password.
2. Telstra – Fake Payment Request
An email is circulating claiming to be from Telstra, as seen below. This phishing email is more sophisticated because the scammers have registered a phony domain to try to create legitimacy.
Clicking a link then takes you to the below page:
Once again, the cybercriminals have gone to considerable measures to design a fake page that looks very similar to Telstra’s login page. If the end-user fills in their log-in details they are then directed to the below:
3. Xero invoice scam
Finally, the online accounting platform is being brandjacked in a new phishing attack. See below:
Clicking the above link directs the user to a zip file:
Saving a malicious link has the potential to give hackers access to your network and your sensitive data.
If you receive an email from any of the above email accounts, do not open it. Even more importantly, if you do not have a mail filtering solution, please contact us today.
Tips on how to spot an email as illegitimate:
- Non-personalisation or incorrect personal details
- Suspicious or hidden email address: always check the sender's domain, because Netflix will only ever send an email from a domain of @Netflix.com
- Misleading hyperlinks. Before clicking any links, hover over them and check the domain they link to. If they look suspicious, do not click them and instead go to the company's website
- Incorrect domain name: legitimate emails from Bingle have the domain @bingle.com.au
- Outdated logos and incorrect brand imaging