Urgent Alert regarding scam email and unauthorised system access.
This notice is to advise you of a recent incident involving unauthorised access by an unknown third party (hacker) to certain of our dealership email accounts (as outlined below). We have conducted extensive investigations and identified the data that may have been compromised during the incident. While we have found no indication that your personal information has actually been compromised, there is a small possibility that certain data relating to you may have been available to the hackers.
Further information can be found by clicking the following link:
The message below was to notify customers of the original phishing email that was sent from an affected email account.
We have become aware that an unknown third party (hacker) gained unauthorised access to our Retention Business Manager Raj Fernando's email account (email@example.com) and acquired data from that account. That data includes email addresses of customers and other individuals Raj has previously had dealings with. The hacker has sent a "phishing" email to those email addresses, having the appearance of a message sent by Raj and stating that you have an invoice from Mercedes-Benz Melbourne with link to access it.
This is a fraudulent email and if received it, you should disregard and or/delete it immediately and take any action in response, including not accessing any link (whether by clicking or copying it into your web browser).
Those links ultimately resolve to an unauthorised website masquerading as on official (Microsoft) platform requesting your login details. If you submit those details, they will be transmitted to an unknown third party and may be used in future without your authorisation and potentially cause you harm. We are highly concerned to ensure that this does not happen to our valued customers, business associates and other individuals whose email addresses may have been stolen.
Please rest assured that you have no invoices from Mercedes-Benz Melbourne issued under this email. We would never email invoices that request payment via a weblink, or send communications that require you to provide passwords or other sensitive information.
If you have accessed the link in the scam email and submitted any information into the fraudulent webpage, we recommend that you immediately select a new strong password for that account through its official website (and do the same for any accounts using the same or a similar password). We further recommend that you review and monitor your accounts generally for suspicious activity.
As an additional safeguard, you may wish to review any email communication between Raj and yourself for any other potentially sensitive information exchanged that may cause harm should it be misused, and take appropriate steps to address that risk. Please do not hesitate to contact us if you have any concerns or if we can assist you in this regard.
Immediately upon becoming aware of this incident we commenced an investigation and have been working hard to identify the individuals affected and contain the breach. This has included changing the password for the compromised staff email account and working with our external IT providers to identify the email recipients (where the hacker has taken steps to destroy records that would assist in this process).
We highly value the security and privacy of the personal information that we hold and take the security of our electronic communications with you very seriously and have robust measures in place to minimise opportunity for such incidents to occur. Unfortunately, perpetrators of such scams are adept at deploying significant resources to compromise even the best security measures available. Unfortunately, we must all be wary upon receiving unsolicited or suspicious emails, particularly those requesting personal information or containing links or attachments.
Should you ever have any doubt as to any communication from us please feel free to call us directly on (03) 9690 8833 to verify the authenticity of the communication.
If you have any further concerns about this specific fraudulent email please email us at firstname.lastname@example.org.
We deeply regret this incident and apologise for any inconvenience it may have caused.