Scams alert: Fake AusPost, Amazon, EnergyAustralia and Xero emails
Email scams to look out for
Multiple brand-jacking scams are circulating in a large-scale email campaign targeting world-leading and reputable brands such as AusPost, Amazon, EnergyAustralia and MYOB.
All emails have been intercepted and blocked from reaching your inboxes by itro Mail Scan, powered by MailGuard.
1. AusPost – Xmas Parcel Scam
As you can see below, the email appears legitimate and has copied AusPost’s branding convincingly. Scammers are exploiting the holiday season: people are distracted and more likely to have a parcel on the way, so readers are more likely to click the link.
Source: MailGuard 2017
2. Amazon – Scam Email
Amazon is in the process of launching a range of new services in Australia, and the scam is capitalising on the current excitement around the news. The email is an illegitimate confirmation receipt enticing the receiver to click a link that opens a zipped malicious JavaScript file. Scammers use JavaScript to infect computers with viruses or install spyware.
Source: MailGuard 2017
3. Energy Australia – Fake Bill
itro MailScan, powered by MailGuard, is intercepting and blocking the below email from reaching users' inboxes. If a user clicks a link, they will be directed to a JavaScript file containing spyware, ransomware, or viruses.
Source: MailGuard 2017
4. Xero – Fake Invoice
This morning a large-scale email scam is circulating pretending to be from Xero. As you can see below, and unlike the above scams, little attempt has been made to brand the email to make it look legitimate, because the scammer is relying on the Xero name to trick recipients.
The email contains a link pretending to be an invoice for an unpaid bill; however, the link sends recipients to a JavaScript file containing trojan malware.
Where to Next?
For further information, please call itro on 1300 10 3000 or fill in the below details and a technician will be in touch with you.
Tips on how to spot an email as illegitimate:
- Non-personalisation or incorrect personal details
- Suspicious or hidden email address. Always check the sender's domain address; for example, Netflix will only ever send an email from a domain of @Netflix.com
- Misleading hyperlinks. Before clicking any links, hover over them and check the domain they link to. If they look suspicious, do not click them and instead refer to the company's website