Aussie businesses targeted by new phishing scam
Australian businesses are being targeted by a new tender-themed phishing scam impersonating the Australian government.
On 9 January 2019, threat intelligence platform Anomali uncovered a new tender-themed phishing scam targeting companies allegedly selected by the government to submit tenders for commercial projects.
The document purports to be from the secretary of Infrastructure and Regional Development, Dr Steven Kennedy. The aim of the scam is to lure users into disclosing their account credentials by having them register for eligibility to bid on commercial projects in 2019.
Recipients receive a spam or phishing email containing a seemingly benign notification letter, requesting they submit a tender. The file then instructs the recipient to click on the “Tender” button and register at the Department’s online portal.
“When users click on the link, they are provided with a replica of the Department of Infrastructure, Regional Development, and Cities registration page designed to steal the user’s login credentials,” Anomali warns.
The site asks companies to click on the “Click here to Tender” button located in the middle of the page, which leads to an illegitimate private portal for registering and submitting the tender.
“To invoke a sense of urgency, the site claims that the deadline for tender submissions is no later than January 28th, 2019,” Anomali cautions.
The intelligence platform recommends companies establish cyber security awareness programs with training on how to spot and treat a spam or phishing email. Moreover, it suggests employees exercise caution regarding unsolicited emails, check for telltale signs of phishing and be conscious of their digital footprint.
Anomali has also advised that government entities ensure adequate messaging is presented to make prospective bidders aware of the correct procedures when applying for tenders or bids, and provide relevant security warnings about such phishing campaigns.