
'Dangerous' email scam targets Australians

18 Dec 2015

A new email scam is targeting Australian individuals via the postal service.

Australia Post issued a warning on its website last week alerting the public to the scam, and says it is almost identical to others seen over the last twelve months.

The email appears to come from Australia Post asking the individual to collect a parcel or pay for storage fees.

A link in the email leads to a fake Australia Post website offering to ‘download tracking information’, but the download is in fact the latest version of a type of ransomware: a virus that holds data to ransom unless a fee is paid.

The scam has increased in sophistication over time, using anti-virus defeating techniques and encryption, which makes it harder for internet security products to stop the threat, according to Australia Post.

The timing of this threat now also coincides with Christmas parcel deliveries, making the scam more dangerous at this time of the year, the organisation says.

Rob Collins, WatchGuard Technologies senior systems engineer - APAC, tested the latest sample against 55 anti-virus products, and only one detected the sample as a virus.

Further analysis of the behaviour of the sample revealed it to contain technology to defeat common anti-virus techniques.

The virus itself changes from one hour to the next to look like a new program, aware of the fact that most anti-virus products are updated hourly, he says.

The scam seems to originate in Russia, as all the fake Australia Post websites are actually compromised Russian sites, although the emails themselves are originating from poorly configured mail servers all over the world, according to Collins.

The virus itself is downloaded from Russian cloud service disk.yandex.com using encrypted HTTPS, so unless an individual uses this service it is safe to block it.

“Most companies issue the occasional warning emails about similar types of threats, but spend considerably less effort and time educating temporary and new staff.

“An internet security briefing as part of onboarding and organisational education programmes is highly recommended, with an emphasis on encouraging staff to question anything that looks suspicious,” says Collins.

WatchGuard Technologies advises that consumer-grade firewall or hardware more than three years old should be replaced with newer technology. 

In addition, effective backup capabilities are also essential should data be held to ransom and require recovery.

“This particular scam has resulted in more than $300 million in earnings for cyber criminals and it’s going to continue to hit Australian businesses in 2016,” says Collins.
