Residents of New South Wales (NSW) have been hit by a new email scam masked as a direct email from the State’s Roads & Maritime Services department.
The attack is the second in a week impersonating a government agency, following the Australian Securities & Investments Commission (ASIC) scam which targeted tens of thousands of addresses.
The cyber criminal campaign has been described by email filtering company MailGuard as “well formatted and not easy to spot as a fake."
The company said it mimics an ‘E-Toll account statement’ and carries the actual branding for Roads & Maritime, the logo for NSW Transport, Roads & Maritime Services, and a realistic privacy statement, recycling message and other appropriate language.
The emails are designed so that the sender display name changes in each email, followed by the word E-Toll, for example ‘From: Rosalee E-Toll.’
But one of the key giveaways for those on the lookout for malicious emails is the addresses - or lack thereof.
“While this scam is well executed with accurate branding and language, it doesn’t address recipients by name, rather it is simply addressed to ‘Dear Valued Customer,’ nor does it carry any other personalised information,” MailGuard said in a statement on the company website.
MailGuard added that while the exact type of malware isn’t clear, it could be anything from a virus to ransomware.
Cyber criminals are expanding spam campaigns to the point that a number of these “well-crafted attacks” have occurred in the last few months.
On 10 May, emails carrying Origin Energy Branding and featuring the subject heading, “You Origin Electricity bill”, hit Australian inboxes in a similar scam designed to get the recipient to download malicious files.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.