Surety IT Security Alert – June 2018 Part 1

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of  –

1. E-Toll fake receipt notification

• The scam uses a simple message that tells the recipient that your payment was successful.
• The receipt is supposedly attached.
• Victims  who download the linked file are unwittingly downloading malware to their computer.
• The message comes from a variety of senders, including –

•  “E-Toll (6050834)” Bill@jotbill.com
•    “Motorway Team (4828291)” steadfast@firstbaptistmaysville.com
•    “Motorway Team (6059975)” rhondatodd@dpricemd.com
•    “E-Toll (8990155)” info@mrlimodenver.com
•    “E-Toll (3133462)” jake@abbottsplace.com
•    “E-Toll (8213460)” carlos@cmvtransportation.com
•    “Motorway Team (4940160)” andreas@lct-asia.com
•    “Motorway Team (1012449)” kevin@boatcarpet.com
•    “E-Toll (4424201)” bonnie@bandbschnauzers.com
•    “Motorway Team (1403962)” rvintinner9801@fastemailsystems.com
•    “E-Toll (6508878)” general@nextgenerationsurfaces.com
•    “E-Toll (8615796)” bengt.o.lundgren@bjarenet.com
•    “E-Toll (6087315)” don@donbent.com

2. Fake ATO email alert

• A new phishing scam has been detected that uses the subject “ATO Warning Document Received”.
• This scam message states “we noticed unlawful fillings (sic) & tax evasion on your previous tax return…To avoid legal action,
  see the link below to view and sign your document”
• The link in the message actually takes victims of this scam to a phishing website, where they are asked to enter their email address and
  password.
• Email addresses and passwords captured by this scam will be used to defraud victims.
• The  senders associated with this email scam are:

• Jessica Lynn – jlynn@morningstarcfs.org
• Paul Smart – paulsmart@live.com.au
• rachael – rachael-alyse@hotmail.com
• steve schutze – steve_schutze@hotmail.com

3. Brand-jack of OneDrive

• A new scam has been detected that claims to be from OneDrive and is associated with several sender email accounts including:
• alison_cody@mckinnonbasketball.org
• craig@selectinsurance.com.au
• pierre.mars@cap-xx.com
• The email tells recipients that there is a “document received via OneDrive” and they should click on a link to “review
  document”.
• The link takes the victim to a phishing page where the victim is asked to submit their login details.
• This scam is used to harvest victim details that can be used in identity theft and fraud.

4. Fake MYOB Branding

• The email in the screenshot above is a scam message using MYOB branding to deceive victims into giving up their Microsoft login details.
• This scam uses a fake MYOB email which asks the victim “To view your Remittance Advice”
• There is also a grammar error in the next sentence – “You are require to Login…..”
• If the link is clicked on it will open a web page similar to the one shown below.
• This scam is used to harvest victim details that can be used in identity theft and fraud.

5. Fake Invoices

• There is a new scam based on fake invoice notifications, as shown above.
• The message encourages recipients to download and open a “receipt” but the documents in these messages are infected with malware.
• The  messages originate from a variety of senders and use a ranges of different names but all have links to malware.