Australia receives its fair share of the world’s spam, with some reports placing Australia 4^th on the world’s ‘most spammed countries’ list.  The problem has gotten much worse in the last 12 months, with stats showing that as much as 89% of email received in Australia is spam, up from 68% in the previous year.

Australians receive the usual stock market, male enhancement, and Paypal scams, but they also receive phishing emails targeted specifically for the Australian market.  Phishing emails branded for all of the major Australian banks are quite common.  Now a new phishing email attempts to leverage the press coverage of the recent Commonwealth Bank phishing scam.

The email claims to be from the Australian Federal Police (AFP) and warns the recipient that fraudulent credit card transactions have occurred and that the person is now under suspicion of aiding known criminals. Remarkably the email then instructs the recipient that “In order to prove your lack of culpability please click here“.  If the link is clicked the victim is taken to a website where personal information is collected.

Unfortunately many victims believe these emails due to official sounding references such as:

“Australian Federal Police case no : 24531987/AFP/832″

“Your case has received code 2 priority”

Typical of phishing scams the email also attempts to use fear to prompt immediate action, for example:

“Please note that failure to cooperate will lead to the advancement of our investigation. You will be prosecuted to the full extent of the law. Your assets and funds will be frozen until the end of our investigation.”

“This is a federal investigation, you will not contact your local authorities or bank; you will wait for one of our agents to contact you within 48 hours. We suspect local involvment in this matter. Failure to do so will ad a charge of “obstruction of justice” to you.”

Although the phishing emails contain many of the usual clues such as dire warnings, threats designed to illicit fear, urgent calls to action, and plain old bad spelling, the biggest clue should be the plausibility of the scenario itself.

Although the Australian legal system is web savvy enough to allow subpoenas to be served via Facebook most rational people would realize that the AFP is unlikely to send you an email accusing you of a crime, and then let you go to a website to prove your innocence.