Surety IT provides a monthly alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of –
1. NAB Bank Branding Hijacked
- A new phishing scam has been detected that looks like it has been sent by NAB Bank.
- It advises the recipient that their account ‘is now locked’.
- The link in the message takes the victim to a phishing page made to look like a real NAB login portal.
- The phishing page harvests the personal login information of the victim and forwards them to a second page which collects their credit card details.
- To identify the scam, look at the email address the original email was sent from: you will see it is not an official NAB address.
2. St George Bank Email Scam
- A new phishing scam has been detected that has brand-jacked St George Bank.
- This phishing email aims to get the victim to click on the link, which directs them to a fake but convincing St George Bank login page.
- If the victim inputs their details, the scammers have all the details they need to access the account and take any money in it.
3. Naffco Email Scam
- A new scam has been detected that claims to be from Naffco.
- If a victim clicks on the document attachment link, they are directed to a malware-infected Dropbox file.
- If clicked, the victim’s computer can be infected with viruses, spyware and crypto-jacking malware.
4. ANZ Internet Banking Scam
- This new scam email uses ANZ branding in an attempt to steal internet banking credentials and personal details.
- There is a link in the email that directs victims to a fake but very real-looking landing page for ANZ internet banking, where the customer registration number and password are requested.
- Once the login credentials are entered, the victim is then asked for their full personal details, including driver's licence number, mobile number, date of birth and full name.
5. Office 365 ‘Failure to Sync’
- A new scam has been detected that claims to be from Office 365 advising that the email account ‘failed to connect’.
- If a victim clicks the ‘Retrieve Messages’ link, they are directed to a fake Office 365 portal.
- Check the sender of the email before clicking any links to determine if it is a legitimate email from Office 365.
- If the link is clicked, the scammers have the victim's legitimate credentials to then use themselves.