Security Market Segment LS
Tuesday, 03 July 2018 14:59

Beware of ordinary-looking, yet absurd, fake Officeworks invoice email

By

Scammers gonna scam, so haters gonna naturally hate the scammers that try simple yet effective ways to take advantage of busy humans as the weakest links.

It's no longer news, is it? Scammers are spamming us with fake emails, featuring fake attachments and fake links that can lead to very real and negative consequences.

A colleague just sent me an email asking if the Officeworks email you can see above was real, or not.

At first glance, it looks legit – there's an invoice for a product that was allegedly purchased, with a link to let you take a look at the supposed invoice.

For a busy business owner, mum, dad, single person, accounts person or frankly, anyone, thinking this email is real and clicking on the link can be a mistake all too easily made.

Obviously, I did not click on the link, but it went to a page called "order" after the domain name seen in the address link above, and it is presumably a site that offers a drive-by download trying to take advantage of a poorly patched computer, or some zero-day vulnerability.

Here's where it's important to have Norton, Trend Micro, Malwarebytes, BitDefender, Kaspersky or some other Internet security software that can try catching this presumably infected page.

You also have software like Trend Micro Internet Security and the Acronis Anti-Ransomware tool, or the compete Acronis backup suite, to help you to identify ransomware as it is encrypting your files, and with Acronis, actually roll back the changes, not just stop them.

But whether you have any such software or not, taking a close look at every email you receive is clearly worth the time.

Garrett O'Hara, Principal Technical Consultant at Mimecast offered us a quote on the situation, stating: "This is another example where the trust in well-known brands is being used to socially engineer people into clicking a link in a phishing email. We hope that end users will see the email doesn't come from Officeworks.Garrett O'Hara, Principal Technical Consultant at Mimecast offered us a quote on the situation, stating:

"This is another example where the trust in well-known brands is being used to socially engineer people into clicking a link in a phishing email. We hope that end users will see the email doesn't come from Officeworks.

"At this time of year phishing campaigns will use branding for well-known online stores given their EOFY sales. Lots of people will be expecting packages so it is easier to fool people. And given we're into tax return time we can expect to see more of the 'ATO refund' emails circulating."

Anyway, let's take a look at the email above (with a larger version below), where we can see the "From:" field says "Officeworks", but purports to be from someone called Scott Graham, at a website named "Project Absurd".

Absurd though that is, it's clearly easy to miss if you aren't paying attention, and there's no guarantee your email software is going to expose the true email address below who it says it is from.

Also it's important to hover your mouse over a link, although try doing that on a smartphone or tablet – even if your smartphone or tablet isn't likely to be the target of such a link.

That said, smartphones and tablets can be attacked via such links and infected pages, too, and various Internet security suites for those platforms can certainly help.

As an example, Trend Micro demonstrated at the Sydney PC and Technology User Group last week that a link opened via the Mail app on an iPhone could be identified by Trend's Safari content blocking extension on iOS - so even such protection can now be afforded to iOS devices too, and not just Androids.

Ultimately, scammers are trying to scam us from all directions, on all devices.

Clearly, you simply can't afford to get complacent, because as always, scammers gonna scam, and we're always going to hate them.

The trick is to win and not get scammed, so stay alert and be alarmed, because even if you're not paranoid doesn't mean they're not out to get you!

 

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments