Be wary of online scams as the holiday season approaches

18 November 2016

Be wary of online scams as the holiday season approaches: Alert Priority Moderate

Scam emails that claim to come from reputable organisations are being sent to harvest personal details or to infect your computer with malicious software such as ransomware. Based on previous experience, email-based scams may increase during the 2016 holiday season.

In recent months, scammers have circulated fake email messages with malicious content that claim to be from the Australian Tax Office, AGL and Telstra. They have also used global brands such as PayPal to trick victims into providing personal details.

In many cases, scammers target these emails around events or deadlines that make the scam seem legitimate – such as the due date for submitting your business activity statements.

Shortly before Christmas 2015, the Australian Competition and Consumer Commission issued a warning about fake parcel deliveries that involved scammers taking advantage of the busy holiday season to send victims emails about ‘missed parcel deliveries’, purportedly from trusted services such as Australia Post or FedEx.

The ACCC said last year the scam emails may be personalised with individuals’ names and addresses, and include logos from the company the emails claim to be from.

“The email may mention a fee will be charged while they hold your undelivered item,” ACCC Deputy Chair Delia Rickard said at the time. “Scammers ask you to open an attachment or download a file to retrieve your parcel. If you follow these instructions, an executable file (.exe) will load on to your computer and install ransomware as soon as it is opened.”

What is ransomware? 
Ransomware is a type of malicious software that handicaps computer functionality, for example, through browser hijacking or encrypting personal data, and offers to restore the functionality for a fee, which is a form of extortion.

Recovery of systems that have been infected with ransomware is almost impossible without clean backups, so prevention is always the best approach.

While there have been reports that files are recovered if the ransom is paid, this does not protect your computer against further attacks. The attacker may simply encrypt your files again, and increase the ransom. For this reason, responding to extortion is not encouraged.

Staying safe

Prevention is the best antidote to ransomware and other malware attacks.

  • Use spam filters and be cautious when opening emails, especially if there are attachments.
  • Make sure you are using a reputable security software product.
  • Make sure it is up-to-date and switched on.
  • Make sure your operating system and applications are up-to-date and fully patched.
  • Run a full scan of your computer regularly, or preferably set it to run automatically.
  • Use strong and unique passwords.
  • Set passwords on all your hardware devices (modems and routers) and change them regularly – never leave the default, factory set password in place – it is usually ‘admin’.
  • Back up your data regularly.
  • Keep a backup copy of your data in a safe place, disconnected from your computer and the internet, on a device that has been scanned.
  • Only visit reputable websites and online services.

More informationStay Smart Online has more information on recognising scam emails, as well as information on protecting against ransomware attacks.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by Enex TestLab for the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Email:” style=”text-decoration:underline;”>
You are receiving this message at the address
If you no longer wish to receive this information, you can unsubscribe.


© 2016 Australian Government. All rights reserved