Apple, Xero and Go Via Scams

Last month Apple, Xero and Go Via were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients.

On 19 March, email filtering and security company, MailGuard, said in a blog post that it had spotted a phishing scam using Apple branding and employing a “well made” fake Apple login screen.

According to MailGuard, the fake Apple website is hosted at www.appleid.apple(dot)com(dot)appsupportmail(dot)com, with the design of the page quite convincing.

If the recipient of the dodgy fake Apple email clicked on the link in the message, they are taken to the fake login page where their credential data would be harvested. MailGuard said its analysis of the phishing campaign suggests that the messages were sent from the email domain ‘@applemail(dot)email’ which is hosted with Google mail, meaning it can pass certain authentication tests and, as such, is likely to penetrate multiple inboxes.

On 22 March, MailGuard revealed it had spotted another wave of dodgy emails exploiting the brand of cloud accounting provider, Xero. MailGuard flagged an earlier wave of Xero-branded phishing emails as recently as February. The latest wave of fake Xero-branded emails are meant to look like invoice notifications sent through the Xero accounting platform, MailGuard said in a blog post. “The criminals who are operating this scam appear to have registered four new domains: xerocentral[dot]com, xero-fx[dot]com, xerogroup[dot]org and xeromobile[dot]net with a Chinese registrar on 21 March,” MailGuard said in its blog post.

MailGuard warned that the individual messages sent out in the latest phishing campaign bear real business names, with the names used in the ‘subject’ fields of the email messages. The objective of this email is to get the recipient to click on a link that will direct them to a hidden JavaScript malware file.

Just a day earlier, MailGuard said it had detected an email scam impersonating Queensland eToll operator Go Via involving messages designed to look like a real Go Via statement notification, with logo branding. “This scam is being sent from multiple email accounts,” MailGuard said in a blog post. “The message contains malicious links that point to compromised websites intended to harvest the personal data of victims.”

The phishing campaigns picked up by MailGuard in the past week came as Consumer Affairs Victoria warned that it had received a number of reports of a possible hacking scam targeting certain industries, including real estate agents and builders. “In most instances, a client received an email from the business they were dealing with, which included details of an account to make a payment to,” Consumer Affairs Victoria said in a statement. “Shortly afterwards, they received a second communication from the same email address, telling them that the business had just updated their account details, and to pay into a new account,” it said.