Scammers are using Australia’s bushfire crisis to trick organisations out of thousands of dollars after the disaster sparked a torrent of goodwill, according to InfoTrust.
The cybersecurity firm released a warning this morning, saying it is seeing increasing occurrences of attacks by scammers leveraging the bushfire crisis for their benefit, with some hackers gaining access to organisations’ systems and mailboxes to send fake emails to company suppliers.
The fake emails explain that the sender’s bank has closed due to bushfires and suggest that clients transfer money to an alternative bank account instead, leading recipients to edit invoices to show the email hacker’s bank details, InfoTrust said.
“This kind of attack preys on the goodwill of the Australian public,” InfoTrust CEO Dane Meah said.
“Whenever there are major events or natural disasters, we frequently see the scammers leverage this to their gain.”
Once emails have been sent, scammers delete the emails from the victim’s ‘sent items’ and set ‘rules’ to ensure colleagues copied in can’t see these new invoices going out, InfoTrust explained.
“Every day we are seeing new and more sophisticated phishing attacks aimed at key personnel within businesses, but this is the first time we’ve heard bushfire being used to help the scammer prove authenticity of the emails being sent,” Meah said.
“It’s human nature to help those in need but this can be easily exploited so it’s important that organisations implement tight controls — be that process or technology — to ensure human goodwill doesn’t unwittingly result in loss of money or sensitive data,” he concluded.