fbpx
mobile-logo

Microsoft, Xero, and AGL Energy Scams

itro > IT Security  > Microsoft, Xero, and AGL Energy Scams
22 Feb

Microsoft, Xero, and AGL Energy Scams

by Sharon Purton
in IT Security, itro News, Scam Alert
Comments

Email scams to look out for

This week scammers are impersonating Microsoft, Xero, and AGL Energy. Scammers commonly impersonate reputable and large brands, such as the above, as they have a large customer base.

Are you using itro Mail Scan?

  • Yes – emails with the potential to harm your business are blocked from reaching your inboxes
  • No – these emails can slip through the cracks and a staff member could click the malicious link. Malicious emails can compromise your entire network

1. Microsoft

The well-designed yet straightforward email claims to be from Microsoft asking you to view a Document.


Source: MailGuard 2017

If you click the link it takes you to a website, designed very similar to the Microsoft page, prompting you to enter your email and password. Your email and password and now in the hands of a cyber-criminal.

Source: MailGuard 2017

Tips for spotting this as a phishing scam email
  • Incorrect domain name, legitimate emails from Bingle have the domain @bingle.com.au
  • Outdated logos
  • Misleading hyperlinks. Before clicking any links, hover over it and check the domain it is linking you to and if they look suspicious do not click them and instead refer to the companies website

2. Xero – Fake Invoice

Poorly designed, the scammer must be hoping to exploit the well known-brand.

Below is the email:

Source: MailGuard 2017

3. QuickBooks – Fake Invoice

This is the second email impersonating QuickBooks in the last week – leading us to believe both scams are released by the same criminals. This email is well-designed but the senders email address is the biggest give away, that this email is a scam.

Source: MailGuard 2017

Tips on how to spot an email as illegitimate:

  • Non-personalisation or incorrect personal details
  • Suspicious or hidden email address, therefore, always check domain addresses because Netflix will only ever send an email from a domain of @Netflix.com
  • Misleading hyperlinks. Before clicking any links, hover over it and check the domain it is linking you to and if they look suspicious do not click them and instead refer to the companies website
No Comments

Sorry, the comment form is closed at this time.