Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.
You need to be particularly aware of –
1. Fake ANZ Email
- A new cyber-attack using an email with a PDF attachment.
- The simple email message (screenshot below) tells the recipient that they have an “over due payment” and shows a PDF attachment titled “Payment Analysis.pdf”.
- The PDF attachment has fake ANZ Bank branding and contains a malicious .jar file download.
- The sending and display address associated with this scam message is: Kirsten.Anderson@dlsgroup.com
2. Fake Commbank Email & Phishing Scam
- A new phishing scam has been detected that uses UPS branding to try and win the trust of victims.
- This well-designed scam message tells recipients that their “UPS” package is available for delivery and invites them to track their parcel by clicking on a link; see screenshot above.
- The link in the message actually takes victims of this scam to a phishing website, where they are asked to log in with their Microsoft credentials.
- The fake login page is shown in the screenshot below:
- The display name on these scam messages is “Package Tracking” and the displayed sending address is “ed@weaversorchard.com.”
- This scam is operating on a compromised website and, although it looks quite convincing, its sole purpose is to steal the user login details of victims.
3. Fake Job Application Email
- A new scam has been detected posing as a job application email.
- The scam looks like a message from a job applicant, linking to their resume, but the link in the email actually directs to a malware file that targets devices running Windows operating systems.
- Although this scam looks simple, the criminals behind it are using thousands of compromised websites and email addresses to power the attack and avoid the scam being shut down.
- Because the scam uses actual email addresses that have been hacked, the sender details also belong to the real people whose accounts have been hijacked.
4. Fake ASIC Email
- The email in the screenshot above is a scam message using a fake ASIC logo to deceive recipients.
- ASIC – The Australian Securities and Investments Commission – is Australia’s main financial services and consumer credit regulation body.
- ASIC commands a lot of authority and their branding, therefore, makes a useful tool for cybercriminals running a scam.
- This email purports to be an ASIC business name renewal notification and advises the recipient to click on a link to read a “renewal letter,” but the link actually points to a malware file.
- Files of this type may deliver spyware, trojans or viruses to the victim’s computer.
5. Fake MYOB Email
- A major cyber-attack has been detected using fake MYOB branded messages – like the one in the screenshot above – that link to malware.
- The “view invoice” link in the message points to a .doc file infected with hidden malware, which will infiltrate the victim’s computer automatically when the file is opened.
- The message in this scam is using randomly selected sender addresses to try and bypass detection, but all the sender URLs seem to belong to one of the following domains:
- casmai.com
- csgorc.com
- emarve.com
- spaarknotes.com
- vmartinsart.com
- These are all newly registered domains created in China.
6. Fake Companies House Email
- This scam email is designed to look like a “company complaint” notification issued by the British Government body Companies House.
- This email appears to come from the sender “Companies House”, at noreply[at]cp-gov.uk or noreply[at]cpgov.uk.
- It is well formatted, so it looks quite convincing; however, the attached Word document contains a malware payload designed to infect victims’ computers if they open it.
7. Fake GIO Insurance Email
- If you get this simple-looking little email in your inbox, don’t click on the link and open the .doc file it points to.
- Although the scammers that sent it tried to make it look like a GIO Insurance notification, the sole purpose of this message is to deliver malware.
- The .doc file contains hidden code that will deliver malicious software to the victim’s computer in the background, without their knowledge.
- There are 2 different sender display addresses associated with this attack:
- “From: GIO Insurance insurance@nufloor.com.au”
- “From: GIO Insurance postmaster@emilac.com”
- Checking the sender addresses on scam messages like this one is one way to help identify that they are fakes.
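The sender check described in the last point can be automated at a mail gateway or in a triage script. The following is an added example, not code from Surety IT: it compares the brand claimed in the display name with the domain of the sending address. The brand-to-domain table, the function names and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed brand -> legitimate sending domains (not from the alert);
# confirm each against the organisation's own published domains.
BRAND_DOMAINS = {
    "gio insurance": {"gio.com.au"},
    "companies house": {"companieshouse.gov.uk"},
    "myob": {"myob.com"},
    "asic": {"asic.gov.au"},
    "anz": {"anz.com"},
}

def claimed_brand(display_name):
    """Return the first known brand named in the display name, or None."""
    lowered = display_name.lower()
    for brand in BRAND_DOMAINS:
        # Word boundaries stop "anz" matching inside names like "Franz".
        if re.search(r"\b" + re.escape(brand) + r"\b", lowered):
            return brand
    return None

def check_sender(from_header):
    """Classify a From header as 'ok', 'mismatch' or 'no-brand'."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    brand = claimed_brand(display_name)
    if brand is None:
        # Generic names ("Package Tracking") claim no brand, so this
        # check cannot judge them; other controls must cover that case.
        return "no-brand", brand, domain
    allowed = BRAND_DOMAINS[brand]
    # Exact domain or a true subdomain only: "evil-gio.com.au" fails.
    if any(domain == d or domain.endswith("." + d) for d in allowed):
        return "ok", brand, domain
    return "mismatch", brand, domain

# Constructed From headers built from the addresses quoted in this alert,
# plus one constructed legitimate-looking header for contrast.
SAMPLES = [
    "GIO Insurance <insurance@nufloor.com.au>",
    "GIO Insurance <postmaster@emilac.com>",
    "Companies House <noreply@cp-gov.uk>",
    "Package Tracking <ed@weaversorchard.com>",
    "GIO Insurance <noreply@mail.gio.com.au>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

An “ok” result only means the displayed address is consistent with the claimed brand; the From header itself can be forged, so SPF, DKIM and DMARC results still need to be checked.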