Surety IT Security Alert 2 – May 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of:

1. Fake ANZ Email 

  • A new cyber-attack using an email with a PDF attachment.
  • The simple email message (screenshot below) tells the recipient that they have an “over due payment” and shows a PDF attachment titled
    “Payment Analysis.pdf”.

  • The PDF attachment has fake ANZ Bank branding and contains a malicious .jar file download.
  • The sending and display address associated with this scam message is: Kirsten.Anderson@dlsgroup.com

2. Fake Commbank Email & Phishing Scam 

  • A new phishing scam has been detected that uses UPS branding to try and win the trust of victims.
  • This well-designed scam message tells recipients that their “UPS” package is available for delivery and invites them to track their parcel
    by clicking on a link; see screenshot above.
  • The link in the message actually takes victims of this scam to a phishing website, where they are asked to log in with their Microsoft
    credentials.
  • The fake login page is shown in the screenshot below:

  • The display name on these scam messages is “Package Tracking” and the displayed sending address is “ed@weaversorchard.com.”
  • This scam is operating on a compromised website and, although it looks quite convincing, its sole purpose is to steal the user login
    details of victims.


3. Fake Job Application Email

  • A new scam has been detected posing as a job application email.
  • The scam looks like a message from a job applicant, linking to their resume but the link in the email actually directs to a malware file
    that targets devices running Windows operating systems.
  • Although this scam looks simple, the criminals behind it are using thousands of compromised websites and email addresses to power the
    attack and avoid the scam being shut down.
  • Because the scam uses actual email addresses that have been hacked, the sender details also belong to the real people whose accounts have
    been hijacked.

4. Fake ASIC Email

  • The email in the screenshot above is a scam message using a fake ASIC logo to deceive recipients.
  • ASIC – The Australian Securities and Investments Commission – is Australia’s main financial services and consumer credit regulation body.
  • ASIC commands a lot of authority and their branding, therefore, makes a useful tool for cybercriminals running a scam.
  • This email purports to be an ASIC business name renewal notification and advises the recipient to click on a link to read a “renewal
    letter,” but the link actually leads to a malware file.
  • Files of this type may deliver spyware, trojans or viruses to the victim’s computer.

5. Fake MYOB Email 

  • A major cyber-attack has been detected using fake MYOB branded messages – like the one in the screenshot above – that link to malware.
  • The “view invoice” link in the message points to a .doc file which is infected with hidden malware, which will infiltrate the victim’s
    computer automatically when it is opened.
  • The message in this scam is using randomly selected sender addresses to try and bypass detection, but all the sender URLs seem to belong
    to one of the following domains:

    • casmai.com
    • csgorc.com
    • emarve.com
    • spaarknotes.com
    • vmartinsart.com
  • These are all newly registered domains created in China.

6. Fake Companies House Email 

  • This scam email is designed to look like a “company complaint” notification issued by the British Government body Companies House.
  • This email appears to come from the sender “Companies House”, using the address noreply[at]cp-gov.uk or noreply[at]cpgov.uk.
  • It is well formatted, so it looks quite convincing; however, the attached Word document contains a malware payload designed to infect
    victims’ computers if they open it.

7. Fake GIO Insurance Email 

  • If you get this simple looking little email in your inbox, don’t click on the link and open the .doc file it points to.
  • Although the scammers that sent it tried to make it look like a GIO Insurance notification, the sole purpose of this message is to deliver
    malware.
  • The .doc file contains hidden code that will deliver malicious software to the victim’s computer in the background, without their
    knowledge.
  • There are 2 different sender display addresses associated with this attack:

    • “From: GIO Insurance insurance@nufloor.com.au”
    • “From: GIO Insurance postmaster@emilac.com”
  • Checking the sender addresses on scam messages like this one is one way to help identify that they are fakes.
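
The sender check described above can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original alert: it flags a From: header whose display name claims a brand while the address uses an unrelated domain, and also matches the sender domains listed for the fake MYOB campaign. The brand-to-domain allow-list and the sample mailbox names are assumptions.

```python
from email.utils import parseaddr

# Sender domains this alert lists for the fake MYOB campaign.
ALERT_DOMAINS = {"casmai.com", "csgorc.com", "emarve.com",
                 "spaarknotes.com", "vmartinsart.com"}

# Assumption: domains each brand genuinely sends from; verify before use.
BRAND_DOMAINS = {
    "gio insurance": {"gio.com.au"},
    "myob": {"myob.com"},
}

def sender_domain(from_header):
    """Return (display name, lower-cased domain) from a From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name.strip(), ""
    return name.strip(), addr.rpartition("@")[2].lower().rstrip(".")

def matches(domain, allowed):
    """True if domain equals, or is a subdomain of, any entry in allowed."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return the reasons a sender looks suspicious (empty list if none)."""
    name, domain = sender_domain(from_header)
    if not domain:
        return ["no parsable sender address"]
    reasons = []
    if matches(domain, ALERT_DOMAINS):
        reasons.append(f"domain {domain} is listed in the alert")
    for brand, legit in BRAND_DOMAINS.items():
        if brand in name.lower() and not matches(domain, legit):
            reasons.append(f"display name claims '{brand}' but domain is {domain}")
    return reasons

if __name__ == "__main__":
    # Constructed sample headers; the two GIO addresses are the ones in the alert.
    for header in ["GIO Insurance <insurance@nufloor.com.au>",
                   "GIO Insurance <postmaster@emilac.com>",
                   "MYOB <accounts@mail.casmai.com>",
                   "GIO Insurance <noreply@gio.com.au>"]:
        print(header, "->", check_sender(header) or "no findings")
```

An empty result only means the display name and domain agree; the From: header can be forged, so pair this with the SPF, DKIM and DMARC results recorded by the receiving server. It will also not catch scams sent from hijacked real accounts, such as the job application email in item 3.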


If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
