Week in review 16 January 2015
PayPal phishing emails started up (again), and again we had criminals using tragic world events to further their own nefarious purposes. A phishing campaign involving Qantas (the national airline carrier of Australia) was unearthed. More gift vouchers scams appeared, this time supposedly from Bunnings. And just for something different, an email popped up late in the week threatening dire consequences if the recipient didn’t validate their Apple account within 24 hours.
PayPal Account Access Limited phishing email
PayPal phishing emails are the flavour of the month (again). This week we extracted a sample of a new PayPal phishing email. There seem to be no end of PayPal phishing email campaigns. This latest campaign comes complete with a very flashy looking email, complete with a slideshow panel. On first appearances, this email looked authentic But looking more closely, there was a pretty big giveaway: the wording of the email was disjointed. Other giveaways were lack of personalisation, links that led to domains that did not even remotely resemble a PayPal domain, and en email domain name that, although similar to a PayPal domain, was not a 100% match.
Terrorist threat used for malware distribution
We have seen a number of tragic events in 2014: the shooting down of MH17, the Ebola epidemic, the Sydney siege and the Paris shootings. These events have all been appropriated by criminals for their own malicious purposes, which are usually aimed at stealing people’s personal information, including credit card details. This week the Australian government site “Stay Smart Online” posted a statement to the effect that emails purporting to show possible future attacks in Sydney actually contained a malicious attachment that installed malware on the victim’s PC. This looked very similar to a phishing campaign earlier this year relating to the Ebola epidemic, where users were sent emails supposedly showing the location of Ebola outbreaks. In reality, the attachments in the email installed the DarkComet malware.
Phishing campaign targets Qantas frequent flyers
Going on holiday is enjoyable for most people, and this time of year is the long break in Australia and New Zealand. So naturally enough, phishing campaigns start up trying to fool people into handing over personal details, such as frequent flyer numbers and attached credit card details. The MailShark email filters this week stopped a swag of emails, supposedly warning users that their Qantas frequent flyer details needed updating. As usual, the recipient was urged to login and update their details. The email stated: “PLEASE UPDATE YOUR QANTAS ACCOUNT INFORMATION” This statement is certainly designed to pressure the recipient to click on the link and (potentially) surrender account information.
Fake Bunnings gift vouchers circulating
Gift vouchers are another scam that featured in 2014. They show no signs of abating in 2015. This week an email stating that the recipient had won a $1000 gift voucher from Bunnings started circulating. The email contained a link, which the recipient was instructed to click on in order to claim the voucher. These scams are widespread, to the point that Bunnings have an entry on their website warning people of the scam
Account temporarily locked phishing email
And finally, another Apple phishing email. This one is pretty dire; if you don’t do something within 24 hours, your account could be terminated. Interestingly enough, the warning time on phishing emails has shortened; last year we had an email that said you had to validate your account information within 48 hours. Apart from having your account terminated, access to iTunes and the App store is also likely to be affected. Of course, this email is a fake. Apple has provided some guidelines on how to identify legitimate emails.