Surety IT Security Alert 1 – May 2018


Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Fake Docusign Email 

  • This scam email impersonating a DocuSign notification is well designed, as you can see in the screenshot above.
  • To add to its deceptive credibility, this formatted message shows the sender details “From: DocuSign – noreply@docusign.delivery”.
  • The message advises the recipient that they have “received a secure document via DocuSign” and invites them to open an attached .doc file.
  • The document is infected with hidden malware which will be covertly activated when it is opened.
  • It is unclear what effect the malware might have but spyware and viruses are commonly carried by this kind of scam message.
  • Unprotected email users may receive this message today, so please exercise caution.

2. Fake Commbank Email & Phishing Scam 

  • The scam email pictured above has been detected directing recipients to “log on to Netbank” by clicking on a link.
  • The scam message has been quite well designed, with forged Commonwealth Bank trademarks, but there is a tell-tale error in the message
    text: “to confirm your NetBank account, you are to sign on before April 1st May, 2018.”
  • Small mistakes like this are often the only obvious indication that a message like this is actually a scam.
  • Clicking on the link in this message takes the scam victim to a fake Comm-Bank login page: 

  • This phishing page will harvest the victim’s bank login details, enabling the cybercriminals behind this scam to illegally gain access to
    their account.


3. Fake Office 365 Email 

  • A new scam has been identified using a fake Office 365 notification email that links to a phishing site; see screenshot
    above.
  • The scam is designed to steal your Office 365 login credentials.
  • Recipients of the scam email are informed that their "office email" will be deactivated, and instructed to click on a link in the
    message to “cancel deactivation.”

  • The link in this email actually points to the fake login page that asks for Office 365 login data.
  • The sender address associated with this scam message is: ‘noreply@notifications.com’

    4. Fake High Court Email



    • This new scam is a classic example of criminals using the  to persuade people to click on their links.
    • This message purports to be from the “High Court of Australia” and advises the recipient that they must “pay the coasts for
      Ms Hughes” (sic) – see screenshot above.
    • No doubt this would cause some confusion for most people who open this message, so the scammers have cunningly made their link read
      “additional information,” which sounds harmless until you find out that the link is actually pointing to a malware file designed to infect
      victims’ computers.
    • This message is being sent from a compromised MailChimp account showing the following sender details:

      • From: "notification" contact@MauritiusShipModels.com
      • From: "notification" firebird@firebirdltd.com

    5. ANZ Phishing Scam

    • When people get an email from their bank, the last thing they suspect is a scam, so of course, cybercriminals regularly exploit the
      trademarks of well-known banks to make their phishing emails more convincing.
    • A new run of scam messages has been detected, using the branding of ANZ Bank and advising victims “your access has been temporarily
      locked.”


    • The messages go on to say “your profile will be permanently locked if you do not confirm your login details correctly. To keep your account
      safe please log on to proceed.”
    • The emails contain a link, made to look like it points to an ANZ Bank login page, but actually directing the victim to a phishing site:  



    • The screenshot above shows the fake login page designed by the scammers. You can see that the site looks quite convincing; with ANZ
      trademarks and logos.
    • Once the scam victim has entered their bank login details, they are directed to a second page – shown below – which asks them to submit
      their security verification data:


    • The sole purpose of this elaborate phishing site is to harvest the login credentials of ANZ customers so the criminals behind this scam can
      break into their bank accounts.

    6. Malware Email Scam 

    • A new email scam has been detected using a .doc file infected with macro malware.
    • This scam email is designed to look like an E-Toll notification.
    • The message – as shown in the screenshot above – advises the victim to view their E-toll account statement but the
      attached .doc file is infected with a malicious macro which would download malware to the victim’s computer.
    • The sender display name shown on this scam message is ‘Roads and Maritime Services’:
    • The .doc attachment used in this scam advises the recipient to click “enable editing” and “enable content” but these links would activate
      macro code malware.

    7. Fake DHL Email 

    • A new email-based cyber-attack exploiting DHL branding has been detected.
    • This scam is designed to look like a ‘shipping notification’ from DHLshipping. The text of the message advises the recipient
      that they ‘have DHL shipment’ and asks them to ‘download attached to confirm your shipping details.’
    • The attachment labelled ‘shipping details pdf’ is actually a .ace file containing trojan malware.
    • The trojan malware contained in this scam message could be very harmful. If you see this message appear in your inbox, please delete it to
      avoid risking damage to your computer.
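The indicators described in items 1 and 7 (a brand display name on an unrelated sender domain, and an attachment whose label does not match its real file type) can be checked automatically at a mail gateway or during triage. The following is an added example, not code from Surety IT; the accepted-domain list is an assumption an organisation would maintain itself, and the sample message is constructed for illustration, combining the sender from item 1 with an attachment like the one in item 7.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brand keyword -> sender domains your organisation accepts for it.
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net"), "dhl": ("dhl.com",)}
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office container (.doc)
# (offset, signature, type) checked against the attachment's real content
MAGIC = [(0, b"%PDF-", "pdf"), (0, OLE2, "ole2"), (7, b"**ACE**", "ace")]

def sniff(data):
    for off, magic, kind in MAGIC:
        if data[off:off + len(magic)] == magic:
            return kind
    return "unknown"

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in name.lower() and not ok:
            findings.append(f"display name claims {brand}, sender domain is {domain}")
    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind == "ace":
            findings.append(f"{fname}: ACE archive attachment")
        if "pdf" in fname.lower() and kind != "pdf":
            findings.append(f"{fname}: labelled PDF, content is {kind}")
        if kind == "ole2":
            findings.append(f"{fname}: legacy Office file, may carry macros")
    return findings

def build_sample():
    """Constructed message; attachment bodies are signature bytes only."""
    m = EmailMessage()
    m["From"] = '"DocuSign" <noreply@docusign.delivery>'
    m.set_content("Please review the attached document.")
    m.add_attachment(OLE2 + bytes(8), maintype="application",
                     subtype="msword", filename="document.doc")
    m.add_attachment(bytes(7) + b"**ACE**" + bytes(8), maintype="application",
                     subtype="octet-stream", filename="shipping details pdf.ace")
    return m.as_string()
```

Calling `triage(build_sample())` returns four findings: the sender-domain mismatch, the legacy Office attachment, the ACE archive, and the PDF label that does not match the content.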


    If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738
    or email us at info@suretyit.com.au.

About the author:

Geoff Stewart


Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
