Week in review 13 March 2015
This week we had an assortment of Apple phishing emails and a sort of Apple phishing email. Fake tax notices were used to coax people into downloading ransomware. Read on to see our week in review. As always, you can click on a link to see the story in full, together with screenshots of the phishing emails in question.
Validate Apple ID phishing email says
Apple is “not completely satisfied with your account information” so please click on a link and update it. That was the reason given by our first phishing email of the working week. Actually, the phishing email was one of the more sophisticated emails received this week. The email actually contained some genuine links back to the Apple site. But the key link, urging the user to update their Apple details, led to a phishing site.
Fake reassessment notice installs CryptoLocker
This week emails started appearing (supposedly from the NSW Office of State Revenue) that implied the recipient was liable for extra tax. A single button located within the email was provided, however, this button contained a link to a malicious site that installs a variant of CryptoLocker on the victim’s PC. This campaign has similarities to a fake speeding fine scam that circulated in 2014.Both are fake (but very nasty).
Phishing email says Verify Account Now
What are you waiting for? Actually, you might want to wait, and check the credentials of this email. This one targeted Apple users, more or less, although a Groupon copyright notice was affixed to the bottom of the email. This email does look like it was cobbled together out of spare bits and pieces. It is a fake.
Personal Account Suspended please fix
This phishing email was more exact in terms of who was being targeted. This one was definitely targeting Apple users. Just to give it a little more impetus, the word iCloud was thrown in. Remember the well known Jennifer Lawrence hack? We suspect the criminals here were seeking to prey on the perceived possibility the user’s iCloud account has been hacked. It was actually a moderately complex phishing email. Still a fake though.
Westpac account temporarily shutdown
To round off the week we noticed more emails targeting Westpac users. These emails were very basic in appearance. No logos, just a single link. The reason for the email is apparently to warn the user of possible fraudulent use of their account. Once again, it is a scam. The link in the email leads back to a phishing site that will steal banking credentials.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service