Cyber Security

The Anatomy of a Phishing Attempt - auDA Email Scam

Branko Ninkovic
October 18, 2021

Earlier this week I received a very well-crafted phishing email and wanted to share this with you as a reminder to always be vigilant when asked to share sensitive data via email.

The sender appeared to be from from auDA who states on their website ".au Domain Administration Limited (auDA) develops and administers the rules for domain names in the .au country code Top Level Domain.”

Upon investigation, there were some tell-tale signs this was a scam. The email has since been confirmed by auDA and numerous domain registrars as a well-orchestrated and targeted email scam. This email was dangerous; it was well-crafted and designed to fool the recipient to provide their driver's license and other personal information. This was no Nigerian email spam, and at the time of the investigation, there were growing concerns for the number of organisations and individuals who would fall victim to the scam.

Below are a few things that made the email appear legitimate.

  1. The scammers posed as a trusted brand on the Internet and the logo was clear and prominent.
  2. The spelling and grammar read well
  3. The email created a sense of urgency tied with a dire consequence if there is no fast, swift and immediate action

The above are the characteristics of a gold class phishing email. What also made this an even more dangerous scam was its threat of some form of legal action that would lead to the cancellation of the recipient's domain within 24 hours. We see many domain / company name/copyright scams, usually originating from China.

The threat to a domain name understandably tends to stirs up attention in businesses. Add the auDA reputation to the mix and now they have everyone's attention.

Regardless of the quality of the scam email, there were, however, many red flags that as a trained security professional were easy to identify. The most obvious was the request to supply a copy of the recipient’s drivers license over email. As a security advisor, privacy is paramount and is to be protected. The Internet is built around privacy and anonymity, and one should never supply copies of passports, credit cards and other personal and private information over the internet. There are still unfortunately, legitimate businesses that do still request this information over the internet which can make these scams like this appear legitimate.

Within hours the auDA posted an alert of the scam on their website and domain registrars sent out bulletins to shut down the fraud. Unfortunately, it is likely that due to the sophistication of the scam, many fell victim to it in the immediate aftermath of reaching people inboxes.

Hopefully, with the alerts and subsequent coverage such as this post, the effectiveness can be reduced and their operation closed down before more people and organisations are impacted.