Surety IT Security Alert – June 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. ANZ

  • ANZ has once again been exploited in a phishing email scam that uses a display name of ‘ANZ’ and titled ‘Successful BPAY Payment Advice’.
  • Payment related details are provided in the email, including; customer code, payment amount and date etc

 

  • A link is included to ‘view transaction history and provide detail’ leading those who click on the URL to a legitimate looking copy of the
    ANZ login page.

 

 

  • Once login details are entered, users are redirected to a page that simulates a blocked account scenario with 3 questions to be answered
    which then bounces back and advises that their answers are incorrect.

 

  • By sending this email scam, cyber criminals are intending to break into bank accounts with the harvested login details.

2. BankWest

  • BankWest is the latest bank to be brandjacked in where customers are informed via email that their ‘online access will be discontinued and
    deleted due to a failure to comply with our online update regulations’

 

 

  • Recipients are then advised ‘To avoid the above action, use the Bank West online update form attached to this email’
  • The form requests extensive customer details including personal access number, secure code, telephone banking PIN, personal identity
    information as well as debit card number information.

 

 

  • Red flag in this email is that the banking logo on the form says bankBest instead of BankWest
  • Should recipients complete all required details, the cybercriminals will be able to access all online and mobile banking as well as using
    the information for identity fraud.

3. Amazon Store Online

  • Fraudulent emails with legitimate looking Amazon store branding have been detected with the subject ‘Amazon – Your Order Has been
    Cancelled’

 

  • Recipients are advised that ‘Your recent order on AMAZON.COM has been cancelled due to fraudulent activity detected’, as well as other
    messages indicating that a recent order was undelivered due to an address mismatch issue.
  • Users are directed to visit amazon.com/verify-my-account or to click the ‘Verify Email’ button in the email button which directs users to a
    page that asks for login credentials.
  • The site present a message advising that Microsoft has detected suspicious activity on their computer.

 

 

  • Sent from compromised sending addresses and using a display name of ‘Amazon Head Office’ or ‘Amazon Support’, this phishing scam is
    designed to trick users into giving login details or to contact a phone number listed on the site.

4. NAB

  • Sent from numerous compromised accounts, multiple variations of emails have been detected purporting to be from NAB.
  • Using the display name ‘NAB Support’, the email advises the ‘customer’ that their password was entered incorrectly more than 3 times and
    that the security team had to suspend the account and all funds inside.
  • To release the hold on the account, recipients are advised to either visit one of their branches or follow the activation link
    provided.

 

  • Those who click on the link are led to a NAB phishing page which requests the user to enter their NAB internet banking details as well as
    additional further personal information once logged in. Once all details are entered, users are redirected to the actual NAB website.

 

  • The second variation of the email contains a plain text message advising recipients that they have received an Osko deposit with the
    amount shown.
  • To obtain further information about the payment, recipients are requested to click the ‘View transaction history’ link which leads them to
    a convincing copy of the NAB internet banking login page.

 

  • Once users enter their NAB ID and password on the convincing looking page, they are redirected to the actual NAB internet banking login
    page.
  • Several red flags in the email include being poorly worded and containing grammatical errors.

5. Westpac

  • Using a display name ‘Westpac Bank’, emails purporting to be from Westpac are being sent from compromised accounts.
  • Advising recipients that some unusual activity was noticed on their account and that their account has been temporarily locked, users are
    provided with a link to re-activate their account.

 

  • Those who click on the link are leaded to a Westpac branded phishing page which requests account ID and password.
  • Once these details are entered, they are then requested for further personal information including date of birth, mobile number and
    drivers license number.

 

  • When the second page is submitted, the user is shown that their account is being verified and after a short pause are redirected to the
    actual Westpac login page.
  • Red flags in this email include, no branding or customised information, several grammatical inconsistencies and real banks never direct
    customers to a link to sign in to resolve an issue.

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at  info@suretyit.com.au.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top