IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
'Dangerous' email scam targets Australians
Fri, 18th Dec 2015
FYI, this story is more than a year old

A new email scam is targeting Australian individuals via the postal service.

Australia Post issued a warning on its website last week alerting the public of the scam, and says it is almost identical to others seen over the last twelve months.

The email appears to come from Australia Post asking the individual to collect a parcel or pay for storage fees.

A link in the email leads to a fake Australia Post website to ‘download tracking information', but is in fact the latest version of a type of ransomware: a virus that holds data to ransom unless a fee is paid.

The scam has increased in sophistication over time, using anti-virus defeating techniques and encryption, which makes it harder for internet security products to stop the threat, according to Australia Post.

The timing of this threat is now also coinciding with Christmas parcel deliveries making the scam more dangerous this time of the year, the organisation says.

Rob Collins, WatchGuard Technologies senior systems engineer - APAC, tested the latest sample against 55 anti-virus products, and only one detected the sample as a virus.

Further analysis of the behaviour of the sample revealed it to contain technology to defeat common anti-virus techniques.

The virus itself changes from one hour to the next to look like a new program, aware of the fact that most anti-virus products are updated hourly, he says.

The scam seems to originate in Russia, as all the fake Australia Post websites are actually compromised Russian sites, although the emails themselves are originating from poorly configured mail servers all over the world, according to Collins.

The virus itself is downloaded from Russian cloud service disk.yandex.com using encrypted HTTPS, so unless an individual uses this service it is safe to block it.

“Most companies issue the occasional warning emails about similar types of threats, but spend considerably less effort and time educating temporary and new staff.

“An internet security briefing as part of an onboarding and organisational education programmes is highly recommended with an emphasis on encouraging staff to question anything that looks suspicious,” says Collins.

WatchGuard Technologies advises that consumer-grade firewall or hardware more than three years old should be replaced with newer technology.

In addition, effective backup capabilities are also essential should data be held to ransom and require recovery.

“This particular scam has resulted in more than  $300 million in earnings for cyber criminals and it's going to continue to hit Australian businesses in 2016 ,” says Collins.