Cyber security specialist InfoTrust is reporting multiple attacks by scammers using the bushfire crisis to their gain. In the most recent examples, hackers have gained access to an organisation’s systems and mailbox to send fake emails to the company’s suppliers.
These fake emails state that due to bushfires the company’s bank has closed and ask that clients transfer money to an alternative bank account. Invoices sent out are then edited to show the email hacker’s bank details.
“This kind of attack preys on the goodwill of the Australian public,” says InfoTrust CEO Dane Meah, adding, “Whenever there are major events or natural disasters, we frequently see the scammers leverage this to their gain.”
Once the emails have been sent, the scammers delete them from the mailbox’s ‘sent items’ folder, while setting ‘rules’ to ensure colleagues copied in can’t see these new invoices going out.
“Every day we are seeing new and more sophisticated phishing attacks aimed at key personnel within businesses, but this is the first time we’ve heard bushfire being used to help the scammer prove authenticity of the emails being sent,” adds Meah.
“It’s human nature to help those in need, but this can be easily exploited so it’s important that organisations implement tight controls – be that process or technology – to ensure human goodwill doesn’t unwittingly result in loss of money or sensitive data.”
Email scams and account takeovers are being conducted by UK/Nigerian cyber-gangs with global co-conspirators and the impact is being seen in Australia. The gangs are run like modern corporations, duping unwitting professionals out of millions of dollars annually.