Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
7 years ago · by · 0 comments

February Malicious Emails To Watch Out For

malicious scam email

Malicious Emails Being Sent In Alarming Volumes

Here is our February 2017 wrap-up of malicious emails making the rounds for Australian businesses.

Cyber risk awareness is slowly growing but still has a long way to go before email phishing scams start to lose the incredible financial incentive. Share this list with your colleagues to spread awareness of recent scams which may come across your email inbox.

To verify, report or learn more about a scam contact the ATO Scam Report or ScamWatch.

 

Citibank

Australian Citibank customers have been the victims of the most elaborate scam email of the past few months involving replica websites and fake SMS security codes. The inclusion of SMS is extremely unusual and indicates the elaborate lengths criminals are taking. The scam itself notifies Citibank customers their account has been ‘temporarily limited’ as a result of invalid online log-in attempts. Customers are directed to follow a link to sign in and restore their online access.

scam email citibank

Customers are then redirected to a very realistic replica of the authentic Citibank website which prompts the user input their User ID and password.

Citibank malicious email

Unfortunate victims who put their details into the replica website are then prompted to verify extra personal information such as their mobile phone number and date of birth.

The next officially branded Citibank page will advise that a “one-time PIN Authentication” has been sent via SMS and advises to wait at least 5 minutes for the code to arrive. This ingenious method replicates the real two-factor authentication security procedure used by Citibank legitimately.  In this time, the scammers have a short window to log in to the real Citibank website disguised as the customer. At this stage the scammer has obtained the User ID and password, allowing them to make any transaction they want which triggers the correct security code to be sent to their victim’s phone. The victim then inputs their security code which goes straight to the scammer and in turn allows them to finalise and transaction they like.

SMS scam citibank

These emails can be exceedingly hard to spot as scammers are putting unseen levels of effort into duping the average recipient. This sophisticated scam tricks visitors into thinking they are dealing with the legitimate Citibank site but in reality the  domain begins with rctproduction.cz which is a Children’s party business in Czech Republic.

Citibank has requested all suspicious emails be sent to spoof@citicorp.com.

Strange Parking Fines

A recent wave of peculiar emails has been reported which has raised a few eyebrows regarding the unpaid bill the recipient apparently failed to settle earlier. Fake parking infringement notices have been circulating for years but this surprisingly low dollar amount is causing curiosity to get the best of some recipients. Sums as low as $1.04 and upward of $100 are showing up with a 50% discount if paid within 14 days. Simply view the attached “ticket” for details and quickly settle the previously unknown fine.

At the time of detection by MailGuard, zero of 64 well-known antivirus vendors had flagged the link as suspicious. as can be seen at virustotal.com

parking ticket malicious

The unbranded email link triggers a malicious software downloader hidden in a seemingly innocuous .zip file. Once enabled, the people behind the email are capable of downloading further malware like ransomware or key-logging software. This scam is very similar to the previous driver infringement notice email we discussed last month.

Australian Taxation Office

Perhaps the most commonly used government department for malicious email scams would have to be the Australian Taxation Office or the ATO. The email in this attempt was sent from ‘basnotification@ato.gov.au’ which appears legitimate but was traced to a compromised SendGrid account which provides bulk email delivery services.  Recipients are greeted with legitimate looking email addresses, formatting, wording and the official government coat of arms.

ATO scam malicious email

If clicked, the suspicious link triggers an automatic download of malicious files hosted on another compromised SharePoint site. Once on your machine, the malicious .zip file executes a JavaScript file which is used to download further malicious software such as ransomware, key-logging software and spyware. The extra layers of legitimacy don’t just fool recipients but are also used to trick antivirus software. Again, at the time of discovery none of the 64 well-known antivirus providers were detecting the link as a potential danger, only MailGuard had reported the suspicious email.

The ATO featured last month with another email, this is yet another perfect example of employee education being key to identifying these emails.

Cyber Insurance Australia Logo

Help protect your business from malicious emails with cyber insurance.

Fake Apple Account Email

An Apple email phishing scam has been discovered which is attempting to trick users into giving away their log-in information with a simple tactic. The malicious email has gone undetected by switching a lot of common letters with Greek alphabet characters ρ, υ and ω in place of p, u and w as can be seen in the screenshot below. Altering characters in this manner can help obfuscate common phrases which would normally be picked up from content filters  in your antivirus.

malicious apple email

The differing letters can clearly be seen in the above screenshot after someone points out the difference but would pass by many recipients unless paying attention. The email states that Apple is updating their user accounts but was not able to update your account and requests the user to do so by clicking the embedded link.

Users are presented with a mirror replica of the apple sign-in page and prompted to enter their account information. The fake sign-in page will also resize and adapt to different device screen sizes such as mobile phones and tablets. This tactic has been around for many years but clearly the method has not died out yet as it still nets results and warrants effort for cyber criminals.

Cyber Insurance Australia Logo

Help protect your business from malicious emails with cyber insurance.

That is our February list of malicious emails to keep a look out for. Each month we will be updating and reporting new malicious emails making the rounds for Australia Businesses.

Thanks to MailGuard, subscribe to the security blog for regular updates here.

Share this list with your colleagues to help spread the word before one of these nefarious emails ends up at your business.

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!