Fake Australia Post and AGL emails used to spread ransomware

18 August 2016

Fake AGL and Australia Post emails used to spread ransomware: Alert Priority High

CERT Australia is warning that fake emails claiming to be from Australia Post and AGL are being used to spread ransomware to unsuspecting recipients.

The emails are being used to infect computers with the TorrentLocker ransomware, which criminals use to extort payment from users by encrypting files on a computer system and demanding a ransom for the key to unlock the files.

The fake AGL email has the subject line ‘Electricity usage’ and a number up to eight digits long. The email body includes an amount supposedly incurred for electricity usage charges and an ‘AGL reference number’ the same as the number cited in the email subject line.

The email incorporates two web links: one that purportedly directs users to the details of their usage charges and one that directs users to ‘view current bill’. However, anyone who clicks on either of these links risks infecting their computer with the TorrentLocker ransomware.

A screenshot of the fake AGL email is posted below:

The fake Australia Post email has the subject line ‘You have to update your shipping address’ and claims that a ‘mailman’ has not delivered a parcel because the recipient was absent. The email includes a web link that claims to direct the email recipient to a web page where they can print a label. A second web link claims to direct the recipient to ‘further information’. However, as with the fake AGL email, anyone who clicks on either of these links risks infecting their computer with the TorrentLocker ransomware.
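The subject lines and the repeated reference number described above can be turned into a simple mail triage check. The following is an added example, not tooling from CERT Australia or Stay Smart Online; the exact subject layout, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Indicators come from the alert text; the exact subject layout is an assumption.
AGL_SUBJECT = re.compile(r"electricity usage\D*(\d{1,8})(?!\d)", re.I)
AUSPOST_SUBJECT = re.compile(r"you have to update your shipping address", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Join every text/* part (plain or HTML) into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return the indicators from the alert that a raw RFC 5322 message matches."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    body = body_text(msg)
    links = URL.findall(body)
    reasons = []
    agl = AGL_SUBJECT.search(subject)
    if agl:
        reasons.append("agl-subject")
        # The lure repeats the subject number as the 'AGL reference number'.
        if re.search(r"(?<!\d)" + agl.group(1) + r"(?!\d)", body):
            reasons.append("agl-reference-matches-subject")
    if AUSPOST_SUBJECT.search(subject):
        reasons.append("auspost-subject")
    # Both lures rely on web links, so quarantine only when links are present.
    return {"quarantine": bool(reasons and links), "reasons": reasons, "links": links}

# Constructed sample messages (not real captures); example.invalid never resolves.
SAMPLES = {
    "agl": "From: AGL <bills@example.invalid>\nSubject: Electricity usage 4821973\n\n"
           "Amount due $412.60\nAGL reference number: 4821973\n"
           "Usage: http://example.invalid/u\nView current bill: http://example.invalid/b\n",
    "auspost": "From: AusPost <info@example.invalid>\n"
               "Subject: You have to update your shipping address\n\n"
               "Print label: http://example.invalid/label\n",
    "benign": "From: colleague@example.invalid\nSubject: Electricity usage tips\n\n"
              "See http://example.invalid/tips\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

Subject strings change between campaigns, so treat a match as a reason to hold the message for review rather than as complete coverage.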

A screenshot of the fake Australia Post email is posted below:

Staying safe
Prevention is the best means of staying safe from ransomware and other malicious software (malware) attacks.

  • Use spam filters and be cautious when opening emails, especially if there are attachments.
  • Make sure you are using a reputable security product.
  • Make sure it is up-to-date and switched on.
  • Make sure your operating system and applications are up-to-date.
  • Run a full scan of your computer—regularly.
  • Set and use strong and unique passwords.
  • Set passwords on all your hardware devices (including modems and routers).
  • Back up your data regularly, once a month for example or every week if you have a lot of information on your computer or network.
  • Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.
  • Only visit reputable websites and online services.
  • Most up-to-date security software should identify and block ransomware.

The major problem with encryption-based ransomware is that once your computer has become infected, the only way to safely recover your files is from a clean backup, assuming your backup has not also been encrypted. Stay Smart Online recommends you do not pay a ransom for the key, as you may forfeit your money and still not receive your files. You may also be a target for further attacks in future, as the criminals may specifically target those who are willing to pay the ransom.

If you have a clean backup of your data, you can use this to restore your files once you have re-established your system, free of infection. Stay Smart Online also recommends seeking professional, technical advice if you are unsure how to back up or restore your system.

Reporting cybercrimes
If your computer has been compromised, you can report the incident to the Australian Cybercrime Online Reporting Network (ACORN).

ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.

ACORN makes it easier and more convenient to report cybercrime to a law enforcement agency.

More information
Stay Smart Online has issued previous Alerts about TorrentLocker, including this one.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by Enex TestLab for the Department of Communications (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Facebook: www.facebook.com/staysmartonline
Email: staysmartonline@communications.gov.au
Web: www.staysmartonline.gov.au


© 2015 Australian Government. All rights reserved