Another batch of Cryptolocker emails is arriving in inboxes across Australia.

Over the past few weeks we have seen five variants – ranging from a poor attempt at a credit card balance email from JP Morgan, to infringement notifications from AFP Australia. Those behind the latter seem to think that the Australian Federal Police manage traffic violations.

Fortunately, they are easy to identify as fake (hovering your mouse over the links shows the true destination) so they shouldn’t cause too many concerns – but they do serve as an opportunity to remind staff that hostage-ware remains prevalent and they need to be vigilant about the links and attachments they click.

If you’re not familiar with this family of hostage-ware, we have written articles on Cryptolocker, and provided a deep dive into why they will be around for some time to come.

The five we have seen are:


1. Refunds from the Australian Tax Office

This attempt does well to mask the sender’s email address by making it appear legitimate, but the address seen when hovering your mouse over the link points to a completely different site.

Cryptolocker is back - example


2. Faxes from the Australian Tax Office

This is likely from the same source as the refund statement above. It is only by hovering over the link address that the true destination is seen.

Cryptolocker is back - example 2


3. Australia Post Delivery notifications

Also replicating the model used in 1 and 2, the sender’s email address appears correct, but the address exposed when you hover over the link shows that it is again redirecting you to another site.

Cryptolocker is back - example 3


4. Traffic Infringement Notice from the Australian Federal Police

These are a little more obvious. Even if you believe that the AFP are now issuing traffic tickets, the sender’s actual email address ([email protected]) and the link should be enough to alert you that something is not quite right.

Cryptolocker is back - example 4


5. JP Morgan Credit Card Balance

It’s unlikely you have a JP Morgan Credit Card, but even if you did – the sender’s email address and the link address exposed when hovering over the link should be enough to stop you from clicking the link.

Cryptolocker is back - example 5



More information

For more information on Cryptolocker, click here.

For more information on how to better secure your business, speak to the blueAPACHE account team.


