CIO

New wave of Aussie phishing scams impersonate AFP, Telstra, ATO, Spotify and GoVia

A round-up of the email scams swamping Aussie inboxes during the past week

A spate of phishing scams hijacking brands such as Telstra, Spotify, GoVia and government agencies including the Australian Federal Police (AFP) and the Australian Taxation Office (ATO) has swamped Australian inboxes during the past week.

During the past few days a number of small to large phishing scams have been picked up and blocked by email filtering firm MailGuard.

Fake financial notices impersonating Telstra, the ATO and Queensland toll road payments provider, GoVia, were doing the rounds on Wednesday 13 September.

According to MailGuard, the brand equity and broad customer base of these companies helped facilitate click-throughs for the perpetrators behind the scams.

The fake Telstra emails had a link to access a bill, and were written in plain text without any logos or anything that actually resembles correspondence from the telco giant.

However, they contained disclaimers about privacy protection and non-solicitation of payment details via email, which may be enough to convince recipients of their legitimacy.

The new wave of scams follows a previous round of sophisticated fake Telstra emails, which were identified on 5 September and contained a link to “Your new Telstra bill is attached by link”.

Screenshot (MailGuard)

Meanwhile, the fake GoVia emails asked recipients to view a statement, with sending domains of the Telstra and GoVia messages registered in China just a few days ago, according to MailGuard.

Both emails’ links go to a compromised SharePoint site hosting a .ZIP file containing malicious JS files.

Screenshot (MailGuard)

In addition, the fake ATO email was a “penalty notice” with a .zip attachment containing a Java Archive payload, which is known to open a backdoor to the computer once installed.

“All are designed to dupe recipients into opening the .ZIP attachments with a view to downloading malicious software, or to steal sensitive personal information that can be used in a later attack,” MailGuard said in a blog post.
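
A gateway-style check for the delivery pattern described above (ZIP archives carrying JS files or a Java Archive), added here as an example; it is not code from the article or from MailGuard. The function names, limits and sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Member types used by the lures described above: scripts and Java archives.
RISKY_EXT = {".js": "JavaScript file", ".jse": "encoded JScript file", ".jar": "Java archive"}
MAX_DEPTH = 3                    # assumed limit: how far to follow nested archives
MAX_MEMBER_BYTES = 10 * 2**20    # assumed limit: never inflate a member over 10 MiB

def scan_zip(data, prefix="", depth=0):
    """Return [(member_path, reason)] for risky members of a ZIP passed as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a readable ZIP")]
    findings = []
    with archive:
        # A manifest marks a JAR even when the file was renamed to hide it.
        if "META-INF/MANIFEST.MF" in archive.namelist() and not prefix.lower().endswith(".jar!/"):
            findings.append((prefix[:-2] or "<attachment>", "Java archive (manifest, no .jar name)"))
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in RISKY_EXT:
                findings.append((path, RISKY_EXT[ext]))
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot inspect"))
            elif info.file_size <= MAX_MEMBER_BYTES and depth < MAX_DEPTH:
                body = archive.read(info)
                if body[:4] == b"PK\x03\x04":   # nested ZIP or JAR, whatever its name
                    findings += scan_zip(body, path + "!/", depth + 1)
    return findings

def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples (harmless placeholder bytes, not real payloads).
JAR = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n", "Main.class": b"\xca\xfe\xba\xbe"})
BILL_ZIP = make_zip({"bill/statement.js": b"// placeholder"})
PENALTY_ZIP = make_zip({"notice.jar": JAR})
RENAMED_ZIP = make_zip({"invoice.dat": JAR})
```

Calling `scan_zip()` on each sample returns the flagged member paths with a reason; an empty list means nothing in the archive matched.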

In July, an email scam targeting Microsoft Windows users impersonated the ATO.

As reported by ARN, during that round of scams, the sender pretended to be forwarding a document from the ATO supposedly intended for the end victim.

The sender claimed to have mistakenly received the victim’s tax information and asked what should be done to solve the problem.

By asking the recipients if they received a particular document with a link to the document in question, the scam lured the person into clicking on a link to a document loaded with malware.

Screenshot (MailGuard)

Meanwhile, during the past week, the Australian Communications and Media Authority warned Spotify Premium account users of another email phishing scam.

With the subject “Your Spotify Premium payment isn't working”, the email asked users to update billing details through a link to a fake sign-in page “almost identical to the real Spotify website”.

According to ACMA, the first page requested the potential victim's Spotify credentials, while the second page asked them to hand over personally identifying information such as address, date of birth and their credit card information.

Screenshot (ACMA)

And the latest round of attacks doesn't stop there, with the Australian Federal Police (AFP) using Twitter to warn people about another scam, this time one impersonating the AFP.

The AFP said a dodgy 'traffic intrusion notice' is circulating and advised: “Don't open it. Delete it and delete it again”.

Screenshot (AFP)