Surety IT Security Alert – July 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Office 365

  • Sent via a compromised email address and purporting to be from Office 365, a new phishing scam is landing in inboxes informing recipients
    that some messages have been delayed due to be them being identified as spam.
  • It advises that the recipient can review these and choose how to proceed by clicking the “Review Message” link.

 

  • Those who click on the link are redirected to a Microsoft blob hosted phishing page which looks like the actual Office 365 login screen
    and are requested to select their account from a list.
  • Should they click on the account, they are then requested to enter their password and click login which causes the page to indicate it is
    loading.

 

 

  • Red flags in this scam include that the email body isn’t well-formatted and contains grammatical & spacing errors.

2. Audio Email

  • Uses the display name of “Notifications”, titled “You Have Received An AudioEmail” and sent from a compromised email
    account
  • Advises recipients that they have received a new ‘Audio Email’ from their address book and that a call back is required

 

  • Details on the supposed audio note, including duration, date & time are attached which also includes a link to listen to the full
    message.

 

  • Those who click on the link are led to a compromised Sharepoint account which provides another link to listen to the full message.
  • Should the ‘Listen to Full Message Here’ link be clicked, recipients are led to a OneDrive for business page which states that the file
    cannot be previewed and includes another link to open the full file.

 

  • The recipient is then directed to a phishing page purporting to be Microsoft which appears as a legitimate sign in page.

 


3. Microsoft

  • Sent via a compromised email account, the display name corresponds to the recipient’s email address and is titled ‘error message’
  • The email informs recipients that their emails are stuck on the server pending their session ‘revalidation’ as they are ”still using an
    outdated email settings’.
  • They are then directed via a link  to use a ‘maintenance portal’ to update and retrieve their messages.

 

  • Those who click on the link are taken to a Microsoft Forms hosted form titled ‘Microsoft Maintenance Portal’ which requests email and
    password details.

 

  • Once the details are submitted, users are directed to another portal page that confirmed their response was submitted successfully.

4. Dropbox

  • Sent via a single compromised domain and appears as an auto-generated email from Dropbox
  • Including a purchase order reference number, the email informs recipients that a new purchase order has been shared with them and to click
    a link to view the purchase order.

 

  • Recipients who click on the ‘View File’ button are led to a highly suspicious blank page that is not associated with Dropbox which
    contains an error message.

 


5. Suncorp

  • In an attempt to harvest login credentials and originally sent from the forged ‘suncorp.com.au’ domain, the email is titled ‘ACTION
    REQUIRED: Verify your ID for next level security’ and contains a short message requesting ID verification to be completed via a
    link.

 

  • Those who click on the ‘Verify Now’ button are redirected to a Suncorp branded phishing page that requests their account ID and password
    as well as the secret token code.

 

  • Once logged in, recipients are taken to a photo ID verification page which directs them to upload a photo of a legal identification
    document such as their passport. They are then requested to input additional personal details such as address, date of birth and phone
    number.

 

 

  • Once users click on the ‘update button’, they are led to a ‘thank you’ page, informing them that they have successfully finished verifying
    their ID and are redirected to the login page.

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at  info@suretyit.com.au.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top