Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of –
1. Xero invoice scam
- A new phishing scam has been detected that looks like it has been sent through Xero.
- It encourages the recipient to click through to the invoice.
- The link in the message takes the victim to a compromised SharePoint site where malicious content is downloaded and executed.
- The malicious software (JavaScript) is typically used to track on-page activity and often precedes data theft and social engineering attempts.
2. Fake Telstra email
- A new phishing scam has been detected that has brand-jacked Telstra.
- This phishing email is a very convincing forgery of a Telstra email notification and login portal.
- The sender display email address is also realistic, shown as – telstramailbill_noreply@online.telstra.com
- The link in the message actually takes victims of this scam to a phishing website, which again is very realistic (shown below).
- Once the victim inputs their credentials in the page below, they are forwarded to a second page which harvests their personal data and credit card details.
3. Fake LinkedIn request
- A new scam has been detected that claims to be a LinkedIn invitation from “Professor Barry James Marshall”.
- This is a phishing scam designed to harvest your LinkedIn login credentials.
- A search of LinkedIn reveals that “Professor Barry James Marshall” is a bogus account name that doesn’t exist.
4. Law Council of Australia brand-jacking
- A new phishing scam has been detected that exploits the trademarks of the Law Council of Australia, Office 365, Yahoo, GoDaddy, Hotmail, AOL, The Law Institute of Victoria and others.
- The scam is aimed at collecting login names and passwords of victims.
- The simple scam email is in plain text.
- When the recipient clicks on the link, they are taken to a PDF document with a malicious link that opens a phishing page.