Scams alert: Fake AusPost, Amazon, EnergyAustralia and Xero emails

Email scams to look out for

Multiple brand-jacking scams are occurring as part of a large-scale email campaign impersonating world-leading, reputable brands such as AusPost, Amazon, EnergyAustralia and MYOB.

All emails have been intercepted and blocked from reaching your inboxes by itro Mail Scan, powered by MailGuard.

1. AusPost – Xmas Parcel Scam

As you can see below, the email appears legitimate and has copied AusPost’s branding convincingly. Scammers are exploiting the holiday season, when people are distracted and more likely to have a parcel on the way, which makes readers more likely to click the link.

Source: MailGuard 2017

2. Amazon – Scam Email

Amazon is in the process of launching a range of new services in Australia, and the scam is capitalising on the current excitement around the news. The email is an illegitimate confirmation receipt that entices the receiver to click a link, which opens a zipped malicious JavaScript file. Scammers use JavaScript to infect computers with viruses or install spyware.

Source: MailGuard 2017

3. Energy Australia – Fake Bill

itro MailScan, powered by MailGuard, is intercepting and blocking the below email from reaching users' inboxes. If a user clicks a link, they will be directed to a JavaScript file containing spyware, ransomware, or viruses.

Source: MailGuard 2017

4. Xero – Fake Invoice

This morning a large-scale email scam is circulating that pretends to be from Xero. As you can see below, little attempt has been made to brand the email to make it look legitimate; unlike the above scams, the scammer is relying on the Xero name to trick recipients.

The email contains a link pretending to be an invoice for an unpaid bill; however, the link sends recipients to a JavaScript file containing trojan malware.

Where to Next?

For further information, please call itro on 1300 10 3000 or fill in the below details and a technician will be in touch with you.

Tips on how to spot an email as illegitimate:

  • Non-personalisation or incorrect personal details
  • Suspicious or hidden email address. Always check the sender's domain; for example, Netflix will only ever send an email from a domain of @Netflix.com
  • Misleading hyperlinks. Before clicking any link, hover over it and check the domain it is linking you to. If it looks suspicious, do not click it and instead refer to the company's website
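
The sender-domain and hover-over-the-link checks from the tips above, automated as an added example (not itro's or MailGuard's code). The brand allow-list, function names and sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: sample allow-list of brand -> sending domains; maintain your own.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "xero": {"xero.com"}}
RISKY_EXT = (".js", ".jse", ".zip")  # script or archive downloads
# Constructed sample message (not taken from a real campaign).
SAMPLE_FROM = '"Xero Billing" <invoices@xero-billing.example>'
SAMPLE_HTML = ('<p>Invoice ready: <a href="http://files.example.net/'
               'invoice_8841.zip">https://www.xero.com/invoice</a></p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def in_domain(name, domains):
    return any(name == d or name.endswith("." + d) for d in domains)

def check_email(from_header, html_body):
    findings = []
    display, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domain(sender, domains):
            findings.append(f"sender domain {sender} is not a {brand} domain")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = host(href)
        shown = host(text) if "." in text and " " not in text else ""
        if shown and not (in_domain(shown, {target}) or in_domain(target, {shown})):
            findings.append(f"link text shows {shown} but points to {target}")
        if urlparse(href).path.lower().endswith(RISKY_EXT):
            findings.append(f"link downloads a script or archive: {href}")
    return findings
```

Calling `check_email(SAMPLE_FROM, SAMPLE_HTML)` returns three findings: the sender domain mismatch, the link text that differs from its real target, and the archive download.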