Corral Photography, a Sydney-based wedding photography company, has played host to a fake e-mail invoice scam, after hackers gained access to the business’ MailChimp online marketing account.

The scam invoice. Source: MailGuard.

Ronald Corral posted a warning on the Corral Photography Facebook page in March, warning the public to steer clear of the fake invoices sent from his e-mail accounts.

‘Seems Mailchimp account was compromised and the person/s imported their spam list and now using my business email address,’ he wrote. ‘Please delete if you received these fake invoices. I’ve contacted Mailchimp and I’m hoping the issue will be resolved.’

Hundreds of thousands of fake invoices have been sent to over 150,000 e-mail addresses around the world by Corral Photography, creating an unfortunate time-consuming and embarrassing problem for the Sydney small business owner.

On Corral Photography’s Facebook post, many people from around the world are informing him they received a random invoice.

Somehow these individuals’ e-mail addresses are on a spam list unrelated to Corral Photography – it’s a massive list created and transmitted by scammers for the purpose of large e-mail scam blasts.

However, a few confused e-mail recipients have wrongfully accused Corral Photography of mining and storing their address. One Australian said they reported the scam to the Australian Communications and Media Authority. Although others are sympathetic and understand Corral Photography is merely a host to the scam.

‘I’m so sorry about the people receiving these bogus emails,’ Ronald wrote. ‘I’m really hoping deleting the offending email addresses and the web hosting resetting everything will resolve this issue. There may be a trickle down but I hope it stops. 800+ emails. 200+ VM and 200+ missed calls.’

MailGuard, an Australian e-mail and cloud security service, said the malicious e-mail contains a ‘view invoice’ link which sends unsuspecting individuals to a scam file containing malware.

‘The intel we have seems to suggest that Corral’s MailChimp account was compromised by cybercriminals, who then used it in their email scam,’ MailGuard content writer, Emmanuel Marshall, told ProCounter. ‘It’s hard to tell exactly how this happened but MailChimp accounts are exploited pretty often in malicious email attacks like this one.’

What happened to Corral Photography is called ‘brandjacking’.

Scammers imitate the identity of a business by creating an authentic-looking invoice or password recovery template from a credible business.

It’s common for the scam to imitate a well-known business with a large customer base, like Telstra, Paypal, NAB Bank, or Netflix.

There’s usually clear warning signs, such as the e-mail sent from a bogus account like netflixsupport@xyzxyz.com, the sender’s display name, spelling mistakes throughout the e-mail, the individual having no relation to the business or not owing money, and dodgy attachments.

MailGuard published this Telstra brandjacking scam from earlier this year. Notice the e-mail is sent from a local photography business? Looks like Ronald Corral isn’t the first Australian photographer to be ‘jacked’ this year. Source: MailGuard.

But MailGuard says that while most people can smell a rat, the e-mail is blasted out to millions of people – it only takes one victim for the scam to be a success.

The purpose of the scam can be to steal personal information, such as banking and credit card details, or install malware.

The Corral Photography incident was a more sophisticated version of brandjacking.

Hackers seized control of the e-mail address through MailChimp and, rather than imitating the business, assumed its identity resulting in a far more credible scam.

Kate Carnell, the Australian Small Business and Family Enterprise Ombudsman, has warned business owners that cyber criminals have become more sophisticated and anyone operating online is vulnerable.

‘Many small businesses have successfully blended their physical and virtual shopfronts to establish sustainable operating models… Cyber criminals now are attacking small businesses very regularly. They know the big guys have really cool systems and they know the little guys haven’t.’

The Ombudsman published a pamphlet which claims cybercrime attacks have increased 300 percent in 2015; 43 percent target small businesses; and the attack can easily destroy or cripple a business.

Corral Photography isn’t the first business in the industry, and won’t be the last, to fall victim to hacking. Queensland School Photography was hacked in May 2017, with customer’s credit card details stolen and used for overseas purchases.

Then, of course, Adobe was hacked in 2013 and details from tens of millions of customers was stolen.

Many photo businesses, like Corral Photography, use the internet for marketing and communication, and it’s also handy for administration, cloud storage, and book-keeping.

Emmanuel said that Corral Photography did the right thing after the scam occurred by warning people through social media. But hacking is preventable, and requires a system to reduce a businesses’ vulnerability.

‘The first thing to do in a data-breach or suspected hacking scenario is to get expert advice. Cyber-attacks take a lot of different forms, so responding to them depends on the specific circumstances. Usually, if a company’s systems have been compromised they will want to alert their customers and business partners as quickly as possible, because cyber-attack incidents can have grave consequences for them as well,’ he said. ‘If your business has been hacked though, it’s probably because you failed to take adequate preventative measures. Good cyber-defence hinges on protection and prevention. MailGuard recommends a multi-layered strategy combining cloud-based protection, virus-scan software, and cybersecurity education for a company’s team members.’

The MailGuard blog provides free resources and advice regarding cyber security.