Welcome to this month’s edition of Cyber Insights! In this issue, we dive into the latest scam targeting Amazon Prime customers, uncover recent security breaches, and explore vishing—what it is and how to avoid it.
SCAM ALERT
Cybercriminals are targeting Amazon Prime customers. You receive an email stating that your Amazon Prime subscription will automatically renew at a very expensive cost. The email contains your name and address, making it appear convincing.
Since the high subscription cost seems alarming, you’ll likely want to use the “cancel subscription” button in the email. If you click it, you will be taken to what appears to be an Amazon Prime login page so that you can access your account. But if you enter your user credentials, you won’t be taken to the real Amazon website. The login page is fake, and the cybercriminals who created it can steal any information you enter here!
Follow these tips to avoid falling victim to a phishing scam:
- If you’re concerned about your Amazon Prime subscription, contact Amazon’s official customer service directly instead of clicking a link in an email.
- Always think before you click. This phishing scam is designed to scare you into clicking impulsively.
SECURITY BREACHES
Australia – MKA Accountants
Exploit: Ransomware
Industry: Business Services
Moonee Ponds-based MKA Accountants was named a victim of the Qilin ransomware gang. The group published 12 stolen documents on its darknet site on May 14, including internal emails, financial statements and insurance records. The firm has notified clients and reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. MKA says it is aware of the claims and is working to verify the extent of the breach.
UK – Harrods
Exploit: Hacking
Industry: Retail
Harrods has been hit by a cyberattack. The DragonForce cybercrime group, sometimes called “Scattered Spider,” claimed responsibility. The luxury department store admitted it was forced to shut down some unnamed systems but said its website and all its stores, including the Knightsbridge flagship, H Beauty and its airport outlets, continue to operate. The retailer disclosed that it first realised it was being targeted last week and said it is engaging experts to investigate the issue.
CYBERSECURITY TIPS
Cybercriminals not only use the internet and email to gain access to sensitive information; they also use telephones to their unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over the phone using social engineering.
How it Works:
Criminals have the ability to call from a blocked, “spoofed,” or private number, making it easier to pose as a fellow employee, an authority figure, or any person or organization that you would commonly interact with.
Any information about the processes or technologies a company uses could help criminals breach the organisation. Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these criminals.
Don’t Fall for These Phony Attempts
Think twice about giving out personal information to someone who claims to be from a different organisation, or within your organisation, unless you initiated the call yourself and you are certain the number called was valid. If someone contacts you requesting sensitive information, always verify that the source is legitimate before providing the information. If the caller claims they are from a different organisation, you can compare the caller’s phone number to the phone number listed on the organisation’s official website. If the caller claims they are from your organisation, you can compare the caller’s phone number to the phone number listed in your organisation’s internal directory.
Vishing is not limited to gaining data from your organisation, as vishers are also known to prey on your personal information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see in emails, internet ads, or pop-ups.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here