A Qantas email scam, which contains malware, shows that humans are still the "most vulnerable vector" for cyber criminals to target, according to a security analyst.
Qantas has issued a warning about the seat selection fee receipts scam emails. According to the airline, the emails can easily be spotted as fakes because they include inaccurate amounts paid for selection and include an attachment which is understood to contain malware.
Don't be afraid to report online, door-to-door scams: NSW Fair Trading
Security threats explained: Social engineering
Australian Crime Commission sends out fraud warning letter
"Recipients of the email are being advised not to click the links or download the attached files. We also recommend that recipients run up-to-date security software on their PC and regular virus scans to help protect against security threats," a Qantas spokesperson said in a statement.
The Qantas spokesperson added that its subsidiary Jetstar warned customers about scam emails featuring fake itineraries which came to the airline's attention during the first week of December.
IDC Australia senior market analyst Vern Hue said that email scams are still "very prevalent" as they are profitable for scammers preying on unsuspecting victims.
"I believe that the human is the most vulnerable vector that cyber criminals target," he said.
"Although the security solutions available in the market can detect a large amount of malicious content, the truth is that some of them will manage to evade detection."
According to Hue, it is then up to the person who receives the email to make the right judgement on the authenticity of it and take the right security measures.
"From a business angle, proactive steps, such as engaging in external threat monitoring and cyber intelligence is a useful tool that proactively seeks out threats against organisations, and in this case, cyber fraud."
However, he pointed out that the vast majority of cyber fraud threats target end-users and urged organisations to step up their investments in security awareness and education programs.
"This has to be treated not from a user policy perspective, but done in a very practical level to ensure the users know that their actions can make a difference," Hue said.
Aside from ensuring that anti-virus, anti-malware and anti-spyware products are kept up-to-date, he said that end users should patch applications and the operating system they are running.
"Some other measures like using different security providers can help deter these attacks," Hue said.
"The key here is to have a layered approach in safeguarding your IT environment."
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia