Two major Australian brands, Telstra and Commonwealth Bank, have been targeted by scammers in a bid to dupe users into downloading malware to their computers or giving up credit card details.
The scam emails were spotted by email securirty provider MailGuard.
In the case of the scam email using the Telstra brand, users were sent an email containing a bogus bill that used many elements similar to the geniune Telstra brand.
Anyone who clicked on the link within the email would be taken to a Microsoft Sharepoint site where a zip folder was listed; downloading this meant that a JavaScript file would be given entry to the PC in question.
{loadposition sam08}And this would download malware to the user's PC.
The fake Telstra bill.
The scammers sent the email from the domain telstraq (dot) com, which was registered on 19 November in China, MailGuard said.
And the displayed name of the sender — telstraemailbill_noreply[at]online[dot]telstraq[dot]com — added to its authenticity.
The Commonwealth Bank scam email contained a genuine looking advisory about changes claimed to be made in the user's NetBank Account.
Claiming that the data in the user's profile has been changed, the email asks them to log in to complete so-called security measures. Anyone who follows the login link, is taken to another page where they are asked for their bank login details.
The advisory purporting to be from Commonwealth Bank.
And then follows another page asking for credit card details in order to confirm their identity.
"Brandjackers are cyber criminals who use trusted brand names and logos to lull scam victims into a false sense of security," MailGuard said.
"Brandjacking is a form of cyber crime that is harmful not only to the victims of these sort of fake emails, but also to the companies whose brands the scammers exploit."
Screenshots: courtesy MailGuard