Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
1 year ago · by · 0 comments

July Scam Email Roundup

 

It’s time for Cyber Insurance Australia to review some of the new email scams which targeted Australian businesses this July.

Today, as employee education continues to increase, criminals are very fastidious and clever with their malicious email scam attempts. No longer are the email scams poorly worded and as easily spotted by the general public. Criminal organisations are spending considerable amounts of time and money to deceive and scam Australians.

To verify, report or learn more about a scam contact the ATO Scam Report, Stay Smart Online or ScamWatch.

 

Cyber Insurance Australia reduces the costs of cyber crime for your business. 

 

ASIC

As always, ASIC makes it onto the list with another malicious attempt at using their likeness to fool unsuspecting business owners. Each month different email scams using ASIC branding are sent to millions of Australian email addresses with no end in sight. This particular scam as seen below, informs recipients that their business name is due for renewal. Simply click on the included link to download the renewal notice.

 

As you may suspect, the attached file is malicious and once opened could contain a virus, ransomware or other form of malicious software designed to interrupt or damage a system or data. These emails typically look well formatted with official branding from the government body or brand being impersonated.
In this particular email scam the sending address “ASIC.Transaction. No-reply @ asicdesk.com” is fake and the sending officer “Myra Tango” does not appear to exist as an employee at ASIC.

We previously wrote about other ASIC scams in May, April, February and January. It is safe to say that this won’t be the end of this type of ASIC email scam, we recommend discussing typical red flags with all staff to avoid an accidental incident.

ANZ Statement notice

ANZ bank has had a run of very well formatted scam emails targeting their customers during July. The emails inform recipients that their account statement is ready and available to view. Banks within Australian commonly email notifications that account statements are available but with some important differences.

As can be seen in the first screenshot, the body has been well written and the branding is official and taken from legitimate ANZ statement emails. The sender is listed as “statements@ anzcommunications.anz.com” which is the official email address used by ANZ to send their legitimate statement notifications. When hovering over the sender name the actual sending address is “statements@ anzhost.org” which is fake.

Similar to the ASIC scam above, once the recipient clicks the “view statement” button a download is launched which contains malicious software. Malware is designed to steal private information, damage or destroy data and disrupt computer systems.

The below screenshot is a legitimate ANZ statement notification email for comparison. The fake email scam even has the official Australian financial services license details, help desk number and security notice to help establish legitimacy.
Official bank notifications will never include the statement or any attachments. Legitimate ANZ emails will prompt customers to view their statement online using the ANZ banking portal.

Australian banks are regular targets for a number of reasons such as high technology adoption by the Australian public. We previously wrote about similar scams mimicking NAB  and Citibank in past months.

Origin & EnergyAustralia

Both Origin and EnergyAustralia have had another month of email scams targeting Australians. The theme of the scams is to imitate the email invoices sent out regularly by both energy organisations.
In each case this month the branding and legitimate email details have been copied almost perfectly in an effort to dupe recipients. The emails show a typical energy email bill notification showing a random amount and upcoming due date. The scam emails contain different amounts and dates in an attempt to avoid detection from security software.

Both emails have a “view bill” button which downloads a .zip file with malicious Javascript contained within. According to MailGuard, the malicious payload is designed to:

  • Delay the analysis task by a long amount of time.
  • Steal private information from local Internet browsers
  • Install itself for autorun at Windows startup.

Example of EnergyAustralia scam email

Example of EnergyAustralia scam email

 

In some instances the due date has been incorrectly generated as a past date which is one red flag to identifying these scams. Other red flags are the random sending address, for example “noreply@ syrenergy.com”,” reply@globalenergyfinance .com” or “noreply@ energy2u.info”.
Official email billing addresses to keep an eye out for, anything else is fake:

noreply@billing.energyaustraliaonline.com.au

noreply@originenergy.com.au

 

Millions of email scams are circulated daily to unsuspecting business owners and individuals. Awareness is half of the battle against a never ending wave of scams and phishing attempts, the other half is adequate email security.

In the event that your business is impacted by a cyber attack, data breach or email scam, cyber insurance is a cost effective way to mitigate the expenses, reputational damage and financial loss.

 

 

Cyber Insurance Australia Logo

Cyber Insurance Australia reduces the costs of cyber crime for your business. 

 

Share this list with your colleagues to help spread the word before one of these nefarious emails ends up at your business.

The ASIC website offers the following advice for avoiding email scams:

  • Keep your antivirus software up to date
  • Be wary of emails that don’t address you by name or misspell your details and have unknown attachments
  • Don’t click any links on a suspicious email.

Above all we recommend educating employees to recognise suspicious emails and unusual behavior without curiosity getting the best of them.

 

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!