The Australian Federal Court has become the latest high profile organisation to be used by scammers. Scammers are sending emails to people saying that they have been subpoenaed by the Federal Circuit Court. Recipients are also provided with links to the court address and the case information. These links are then installing malware on the target computers.
The Federal Court has responded by issuing a press release saying: “Neither the Federal Court nor the Federal Circuit Court issue subpoenas in such an informal way. These emails have not been issued by the Court and are fraudulent.” It has advised users to:
- Not click on any of the links as they may contain viruses or malware
- Delete the item from your in-box and Deleted folder.
Users infected with ransomware
The emails appear to come from the address firstname.lastname@example.org. They contain all the information you would expect in an email from a court. The header, footer and other data appears correct and there are no obvious spelling mistakes. This has led a number of victims to click on the links.
The links take the victim to a website that also looks authentic. It walks the victim through the process of downloading the case file which includes using a security check code. Once the case file is downloaded and unzipped it installs ransomware on the target machine.
This is not the first time this has happened to the Australian Federal Court. A report in the Australian Financial Review revealed that this scam had originally been detected last month. There is no press release or notice on the Federal Court website warning of this earlier attack. It raises the question as to why it was ignored and whether security staff hoped the first attack was a one-off.
Stop blaming the victim
This is not the first nor will it be the last time scammers use this technique. Over more than two decades of sending scam emails the cybercriminals have become experts in forging websites. This makes it harder and harder for victims to spot that they are being scammed. The security industry often blames the victim in these cases for clicking on links or emails but does little to help change behaviour. Without serious efforts to educate users and help them change their behaviour these scams will continue to happen.
How many people have and will be affected by this scam is unknown. The press release from the Federal Court states it: “…has been contacted by a large number of people” but doesn’t quantify that. It will be interesting to see what happens next. Given that this is the second round of scam emails will we see the Federal Court sued for not warning earlier? There is no evidence to say that an earlier warning would have prevented any of the victims getting infected.
What this does mean is that organisations need to do more to protect their customers and users. They need to spend more on detecting scams using their name and their details. They need to be more proactive when they detect such scams and immediately put warnings on their websites giving details of the attack.
Many companies will baulk at this. They will take the view that this could be business damaging. The reality is that doing nothing and allowing customers and users to get infected is probably more damaging than warning them.