Scam emails that claim to come from reputable organisations are being sent to harvest personal details or to infect your computer with malicious software such as ransomware. Based on previous experience, email-based scams are likely to increase during holiday seasons.
In previous years, scammers have circulated fake email messages with malicious content that claim to be from the Australian Tax Office, AGL and Telstra. They have also used global brands such as PayPal to trick victims into providing personal details.
In many cases, scammers target these emails around events or deadlines that make the scam seem legitimate – such as the due date for submitting your business activity statements.
In years gone by, the Australian Competition and Consumer Commission issued a warning about fake parcel deliveries that involved scammers taking advantage of the busy holiday season to send victims emails about ‘missed parcel deliveries’, purportedly from trusted services such as Australia Post or FedEx.
The ACCC said at the time "the scam emails may be personalised with individuals’ names and addresses, and include logos from the company the emails claim to be from."
"The email may mention a fee will be charged while they hold your undelivered item," ACCC Deputy Chair Delia Rickard said at the time. "Scammers ask you to open an attachment or download a file to retrieve your parcel. If you follow these instructions, an executable file (.exe) will load on to your computer and install ransomware as soon as it is opened."
What is ransomware?
Ransomware is a type of malicious software that handicaps computer functionality, for example, through browser hijacking or encrypting personal data, and offers to restore the functionality for a fee, which is a form of extortion.
Recovery of systems that have been infected with ransomware is almost impossible without clean backups, so prevention is always the best approach.
While there have been reports that files are recovered if the ransom is paid, this does not protect your computer against further attacks. The attacker may simply encrypt your files again, and increase the ransom. For this reason, responding to extortion is not encouraged.
Staying safe
Prevention is the best antidote to ransomware and other malware attacks.
- Use spam filters and be cautious when opening emails, especially if there are attachments.
- Make sure you are using a reputable security software product.
- Make sure it is up-to-date and switched on.
- Make sure your operating system and applications are up-to-date and fully patched.
- Run a full scan of your computer—regularly – or preferably set it to run automatically.
- Use strong and unique passwords.
- Set passwords on all your hardware devices (modems and routers) and change them regularly – never leave the default, factory set password in place – it is usually ‘admin’s
- Back up your data regularly.
- Keep a backup copy of your data in a safe place, disconnected from your computer and the internet, on a device that has been scanned.
- Only visit reputable websites and online services.
The best advice that we can give is that if it looks too good to be true, it probably is. If you receive an email informing you of a package that you didn’t order, question it. If you’re shopping on a new website, check the legitimacy of the site itself.
*Some information in the above article sourced from Scamwatch Australia.