Surety IT Security Alert 2 – May 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of  –

1. Fake ANZ Email

  • A new cyber-attack using an email with a PDF attachment.
  • The simple email message (screenshot below) tells the recipient that they have an “over due payment” and shows a PDF attachment titled
    “Payment Analysis.pdf”
  • The PDF attachment has fake ANZ Bank branding and contains a malicious .jar file download.
  • The sending and display address associated with this scam message is: Kirsten.Anderson@dlsgroup.com

2. Fake Commbank Email & Phishing Scam

  • A new phishing scam has been detected that uses UPS branding to try and win the trust of victims.
  • This well-designed scam message tells recipients that their “UPS” package is available for delivery and invites them to track their parcel
    by clicking on a link; see screenshot above.
  • The link in the message actually takes victims of this scam to a phishing website, where they are asked to log in with their Microsoft
    credentials.
  • The fake login page is shown in the screenshot below:
  • The display name on these scam messages is “Package Tracking” and the displayed sending address is “ed@weaversorchard.com.”
  • This scam is operating on a compromised website and although it looks quite convincing, it’s sole purpose is to steal the user login
    details of victims.

3. Fake Job Application Email

  • A new scam has been detected posing as a job application email.
  • The scam looks like a message from a job applicant, linking to their resume but the link in the email actually directs to a malware file
    that targets devices running Windows operating systems.
  • Although this scam looks simple, the criminals behind it are using thousands of compromised websites and email addresses to power the
    attack and avoid the scam being shut down.
  • Because the scam uses actual email addresses that have been hacked, the sender details also belong to the real people whose accounts have
    been hijacked.

 

4. Fake Asic Email

  • The email in the screenshot above is a scam message using a fake ASIC logo to deceive recipients.
  • ASIC – The Australian Securities and Investments Commission – is Australia’s main financial services and consumer credit regulation body.
  • ASIC commands a lot of authority and their branding, therefore, makes a useful tool for cybercriminals running a scam.
  • This email purports to be an ASIC business name renewal notification and advises the recipient to click on a link to read a “renewal
    letter,” but the link actually  a malware file.
  • Files of this type may deliver spyware, trojans or viruses to the victim’s computer.

 

5. Fake MYOB Email

  • A major cyber-attack has been detected using fake MYOB branded messages – like the one in the screenshot above – that link to malware
  • The “view invoice” link in the message points to a .doc file which is infected with hidden malware, which will infiltrate the victim’s
    computer automatically when it is opened.
  • The message in this scam is using randomly selected sender addresses to try and bypass detection, but all the sender URLs seem to belong
    to one of the following domains:

    • casmai.com
    • csgorc.com
    • emarve.com
    • spaarknotes.com
    • vmartinsart.com
  • These are all newly registered domains created in China.

6. Fake Companies House Email

 

  • This scam email is designed to look like a “company complaint” notification issued by the British Government body Companies House.
  • This email appears to come from the senders “Companies House”; noreply[at]cp-gov.uk – or noreply[at]cpgov.uk.
  • It is well formatted so it looks quite convincing however, the attached word document contains a malware payload designed to infect victims
    computers if they open it.

 

7. Fake GIO Insurance Email

 

  • If you get this simple looking little email in your inbox, don’t click on the link and open the .doc file it points to.
  • Although the scammers that sent it tried to make it look like a GIO Insurance notification, the sole purpose of this message is to deliver
    malware.
  • The .doc file contains hidden code that will deliver malicious software to the victim’s computer in the background, without their
    knowledge.
  • There are 2 different sender display addresses associated with this attack:
    • “From: GIO Insurance insurance@nufloor.com.au”
    • “From: GIO Insurance postmaster@emilac.com”
  • Checking the sender addresses on scam messages like this one is one way to help identify that they are fakes.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top