Government warns SMEs of new scam luring businesses into applying for fake tender contracts
Wednesday, January 16, 2019/
Australian businesses have been specifically targeted by hackers in a new phishing scam which impersonates the government’s AusTender website, luring in unsuspecting SME owners who believe they are applying for lucrative government contracts.
Uncovered by security researchers at threat detection platform Anomali, the scam appears as an email sent to Australian companies, claiming they have been selected by the Department of Infrastructure and Regional Development to submit a tender for a commercial project.
The letter attached to the email includes seemingly legitimate tender numbers, tells recipients they must be registered in the tender ‘portal’ before applying and tells them to make sure they sign in with their email provider.
The letter also purports to come from Secretary of Infrastructure and Regional Development, Dr Steven Kennedy, a legitimate employee of the Department of Infrastructure.
Upon clicking on the bright red ‘Tender’ button, users are taken to a replica site of the AusTender registration page that invites users to enter their details. Those details are then harvested by the attackers for fraudulent use on other sites, and presumably to gain access to business owners’ email accounts.
“To invoke a sense of urgency, the site claims that the deadline for tender submissions is no later than January 28th, 2019,” Anomali stated.
The threat detection company has already alerted the government, who has issued its own warning about the scam, advising businesses to “not attempt to open the attachment, delete the email and consider reporting it” to organisations such as ScamWatch.
Though there have been no known victims of the scam as yet, Anomali advises SMEs to always be cautious of suspicious emails and educate staff about “normal ways of working” when it comes to interacting with other organisations.
“It would be advisable for individuals and companies interested in pursuing government contracts be wary of unsolicited emails claiming to be from the Australian Government Department of Infrastructure and Regional Development,” researchers said in a blog post.
“It would also be prudent for all government entities to ensure adequate messaging is presented to make prospective bidders aware of the correct procedures when applying for tenders or bids and provide relevant security warnings of such illegitimate phishing scam campaigns.”
However, this may not be the first and only example of tender-related phishing scams, as Anomali says it expects further examples throughout 2019.
Feel the churn: How to bounce back after losing staff and clients Sue Parker DARE Group founder
“Motivation is a feeling, commitment is a mindset”: Why you should start investing in yourself right now Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder