Scammers impersonating LinkedIn, Telstra and XERO


Scammers impersonate reputable brands to steal your data:

Cyber-criminals are impersonating LinkedIn, Telstra and Xero. Scammers purposefully impersonate reputable brands because they have large customer bases. The larger the brand, the greater the chance that potential victims have used its services.

Are you using a mail filtering solution, such as itro Mail Scan?

  • Yes – great, any emails with the potential to harm your business are blocked from reaching inboxes.
  • No – you are not protected, and malicious emails are entering your inbox. Staff may unknowingly click a malicious link, allowing a cyber-criminal access to your network. Once cyber-criminals have access to your network, they will generally hold your data to ransom, demanding large amounts of money.

1. LinkedIn – Fake Invitation Request

If you are a LinkedIn user, the below email will look pretty familiar to you. Personally, I know I receive these emails almost daily, reminding me to check any outstanding LinkedIn invitations I have. So receiving this sort of email would ring no sort of alarm bells.

LinkedIn- Fake Invitation Request

Searching LinkedIn reveals that “Professor Barry James Marshall” does not exist and is a bogus account. Many users will unsuspectingly click ‘Accept’, which takes them to the below page:

LinkedIn Email Scam

The page is well designed, which lends it legitimacy. The purpose of this phishing email is to hijack the victim’s LinkedIn username and password.

2. Telstra – Fake Payment Request

An email is circulating claiming to be from Telstra, as seen below. This phishing email is more sophisticated because the scammers have registered a phony domain to try to create legitimacy.

Telstra – Fake Payment Request

Clicking a link then takes you to the below page:

phony Telstra webpage

Once again, the cyber-criminals have gone to considerable lengths to design a fake page that looks very similar to Telstra’s login page. If the end user fills in their login details, they are then directed to the below:

A phony Telstra website

3. Xero invoice scam

Finally, the online accounting platform Xero is being brandjacked in a new phishing attack. See below:

Xero invoice scam

Clicking the above link directs the user to a ZIP file:

Malicious Zip File

Saving the file behind a malicious link has the potential to let hackers into your network and give them access to sensitive data.

If you receive an email from any of the above email accounts, do not open it. Even more importantly, if you do not have a mail filtering solution, please contact us today.

Tips on how to spot an email as illegitimate:

  • Non-personalisation or incorrect personal details
  • Suspicious or hidden email address. Always check the sender's domain: for example, Netflix will only ever send an email from a domain of @Netflix.com
  • Misleading hyperlinks. Before clicking any link, hover over it and check the domain it is linking you to. If it looks suspicious, do not click it; go to the company's website directly instead
  • Incorrect domain name. Legitimate emails from Bingle have the domain @bingle.com.au
  • Outdated logos and incorrect brand imaging