A sophisticated identity theft scam was used to attack Australia’s Senior Diplomats in April of 2021. Cybercriminals often repurpose tactics and tools against other organizations; for example, the techniques used by Hafnium were replicated by other groups to hack 60,000 organizations. Organizations should take steps now to avoid being impacted by a similar identity phishing scam.
About the identity phishing scam
A cyber syndicate impersonated the victims on the encrypted messaging services WhatsApp and Telegram to gain access to sensitive information and steal money from the victims’ contacts. Targets of the phishing attacks included the Finance Minister, Simon Birmingham, and the Health Minister, Greg Hunt, amongst others in senior positions. A number of reports were made to the Australian Federal Police about suspicious activity on the phones of senior members of the party.
This is not the first time the Australian government has been prey for cybercriminals. Earlier in the year, Parliament House was involved in a sophisticated attack on the computer network.
The identity phishing scam sent messages to Senior Diplomats asking them to validate new WhatsApp and Telegram accounts. Once the victim clicked or downloaded the app, the bad actor gained access to their contact book and could impersonate them on the new account and send unsolicited messages. Many of the messages referred to contacts in Hong Kong or asked contacts to transfer money to a Hong Kong bank account. The AFP are yet to determine who is responsible for the scam at this stage.
How to prevent phishing attacks
Security teams, particularly in organizations with high-risk senior leaders, should assess this type of attack and determine its impact on the business. You should also review the services your end users rely on, like Telegram and WhatsApp, and ensure they are protected. There’s a high chance this type of attack will happen again, as adversaries often repurpose the same techniques.
There are some basic rules of thumb you can follow to prevent identity phishing attacks from happening in your organization. However, due to their sophistication, these types of scams can be tricky to detect. These types of hacks surface as quickly as they disappear, and they tend to be more dangerous in the early days of the attack, when detection software hasn’t yet identified them.
The Cyber Security Breaches Survey for 2020 found that businesses are experiencing a rise in phishing attacks (from 72% to 86%) and a fall in viruses or malware. Unless your organization has a security solution to detect phishing attacks across all platforms, including SMS and email, your users aren’t protected. Jamf is a market leader in identifying zero-day phishing and our Mobile Threat Defense solution blocks phishing attacks in real time.
You can identify phishing attacks using Jamf to fully itemize the threat, levels of risk, and what you can do to activate it. Get in touch with our team to learn more about our real-time phishing prevention mechanisms and how we can keep your business protected.