Phishing Emails Spoof Australia's Cyber Security CenterMessages Contain Malware, Attempt to Steal Banking Credentials
The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials.
In an alert, the agency notes hackers posing as ACSC employees are sending emails requesting that recipients download antivirus software. When the victim clicks on a link, malicious code that can steal banking credentials is downloaded onto the compromised device.
The fraudsters also are using spoofed phone numbers to directly call the victims to ask them to download certain applications. "The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information," the agency notes.
Security experts warn that fraudsters and cybercriminals are increasingly using spoofed websites of government institutions, as well as trusted brand names, to add credibility to their phishing campaigns.
In November, for example, the FBI identified nearly 100 spoofed websites that use some version of the bureau's name. These could be leveraged for disinformation campaigns or credential theft (see: Fraudsters Spoof FBI Domain).
"This latest attempt to impersonate a known and trusted government agency provides a great opportunity to remind everyone that government agencies never email or call people and ask them to download software," says Tom Pendergast, chief learning officer at security firm MediaPro.
Hank Schless, senior manager for security solutions at security firm Lookout, notes that many hackers are moving beyond phishing emails to voice phishing, or vishing, and SMS phishing, or smishing, to target vulnerable victims.
In August, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warned that hackers were increasingly using vishing to target employees working from home due to the COVID-19 pandemic in an attempt to steal credentials (see: Alert: Vishing Attacks Are Surging).
That same month, the ACSC issued its own warning that phone scammers were impersonating government agencies and Australian businesses in an effort to harvest personal information.
"Attackers frequently pose as local government officials or IT support team members to build trust with the target," Schless says. "Once the attacker has established trust, the target will exercise less caution and feel pressure to follow the malicious actor's directions."
Other Spoofing Cases
In December, security firm Ironscales warned of a spear-phishing campaign that spoofed the official Microsoft.com domain name and targeted users of the company's Office 365 suite (see: Fresh Spear-Phishing Email Spoofs Microsoft Domain).
Also in November, researchers at Abnormal Security uncovered a phishing campaign that spoofed the U.S. Internal Revenue Service domain in an attempt to trick targeted victims into sending money to fraudsters (see: IRS Domain Spoofed in Fraud Campaign ).