Surety IT Security Alert 1 – May 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of  –

1. Fake Docusign Email

  • This scam email impersonating a DocuSign notification is well designed, as you can see in the screenshot above.
  • To add to its deceptive credibility, this formatted message shows the sender details  “From: DocuSign – noreply@docusign.delivery”
  • The message advises the recipient that they have “received a secure document via DocuSign” and invites them to open an attached .doc file.
  • The document is infected with hidden malware which will be covertly activated when it is opened.
  • It is unclear what effect the malware might have but spyware and viruses are commonly carried by this kind of scam message.
  • Unprotected email users may receive this message today, so please exercise caution.

2. Fake Commbank Email & Phishing Scam

  • The scam email pictured above, has been detected, directing recipients to “log on to Netbank” by clicking on a link.
  • The scam message has been quite well designed, with forged Commonwealth Bank trademarks, but there is a tell-tale error in the message
    text; “to confirm your NetBank account, you are to sign on before April 1st May,
  •  2018.”
  • Small mistakes like this are often the only obvious indication that a message like this is actually a scam.
  • Clicking on the link in this message takes the scam victim to a fake Comm-Bank login page:
  • This phishing page will harvest the victim’s bank login details, enabling the cybercriminals behind this scam to illegally gain access to
    their account.

3. Fake Office 365 Email

  • A new scam has been identified using a fake Office 365 notification email that links to a phishing site; see screenshot
    above.
  • The scam is designed to steal your Office 365 login credentials.
  • Recipients of the scam email are informed that their “office email” will be deactivated, and instructed to click on a link in the
    message to “cancel deactivation.”
  • The link in this email is actually pointing to the fake login page that asks for Office 365 login data.
  • The sender address associated with this scam message is: ‘noreply@notifications.com’

 

4.Fake High Court Email

  • This new scam is a classic example of criminals using the  to persuade people to click on their links.
  • This message purports to be from the “High Court of Australia” and advises the recipient that they must “pay the coasts for
    Ms Hughes” (sic) – see screenshot above.
  • No doubt this would cause some confusion for most people who open this message, so the scammers have cunningly made their link read
    “additional information,” which sounds harmless until you find out that the link is actually pointing to a malware file designed to infect
    victim’s computers.
  • This message is being sent from a compromised MailChimp account showing the following sender details:
    • From: “notification” contact@MauritiusShipModels.com
    • From: “notification” firebird@firebirdltd.com

5. ANZ Phishing Scam

  • When people get an email from their bank, the last thing they suspect is a scam, so of course, cybercriminals regularly exploit the
    trademarks of well-known banks to make their phishing emails more convincing.
  •  A new run of scam messages has been detected, using the branding of ANZ Bank and advising victims “your access has been temporarily
    locked.”
  • The messages go on to say “your profile will be permanently locked if you do not confirm your login details correctly. To keep your account
    safe please log on to proceed.”
  • The emails contain a link, made to look like it points to an ANZ Bank login page, but actually directing the victim to a phishing site:
  • The screenshot above shows the fake login page designed by the scammers. You can see that the site looks quite convincing; with ANZ
    trademarks and logos.
  • Once the scam victim has entered their bank login details, they are directed to a second page- shown below – which asks them to submit
    their security verification data:
  • The sole purpose of this elaborate phishing site is to harvest the login credentials of ANZ customers so the criminals behind this scam can
    break into their bank accounts.

6. Malware Email Scam

  • A  new email scam has been detected using a .doc file infected with macro malware.
  • This scam email is designed to look like an E-Toll notification.
  • The message – as shown in the screenshot above – advises the victim to view their E-toll account statement but the
    attached .doc file is infected with a malicious macro which would download malware to the victim’s computer.
  • The sender display name shown on this scam message is ‘Roads and Maritime Services’:
  • The .doc attachment used in this scam advises the recipient to click “enable editing” and “enable content” but these links would activate
    macro code malware.

7. Fake DHL Email

  • A new email-based cyber-attack exploiting DHL branding has been detected.
  • This scam is designed to look like a ‘shipping notification’ from DHLshipping. The text of the message advises the recipient
    that they ‘have DHL shipment’ and asks them to ‘download attached to confirm your shipping details.
  • The attachment labelled ‘shipping details pdf’ is actually a .ace file containing trojan malware.
  • The trojan malware contained in this scam message could be very harmful. If you see this message appear in your inbox, please delete it to
    avoid risking damage to your computer.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top