Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.
You need to be particularly aware of –
1. ATO
- In this latest phishing scam, the ATO has been targeted in yet another variation of scams distributed by cybercriminals over many
years. - Email is sent using display name ‘Shipments in transit’ and is from a compromised account.
- Formatted in plain-text, the email begins with ‘Dear sir’ and requests recipients contact the ATO
- Directed to the attached ‘Tax Documents’, the link within the PDF leads to a phishing page with an ATO logo tiled background.
- Once on this page, victims are requested to sign in with their email and password, they then are redirected to the Yahoo! login page.
2. Netflix
- In yet another scam targeting Netflix, this latest phishing scam contains several red flags including grammatical, spelling and spacing
errors throughout the email. - Using special characters to obscure the display name of ‘Netflix’ and sent from a compromised account, this scam advises recipients that
they are supposedly facing ‘some trouble’ with ‘billing information’. - Recipients are then directed to update their ‘MASTERCARD’ payment details by clicking on the ‘Update Account Now’ button.
- Those who click are led to a phishing site page hosted on Blogspot which has since been taken down and is no longer being displayed.
3. Xero
- Spoofed in yet another scam, cyber criminals are sending hoax invoice notifications purporting to be from Xero.
- Sent from the domain ‘@post.xero.com’, the email advises recipients that their Xero invoice is ready and the amount will be debited from
their credit card on or after ’23 Oct 2018′ - Those who click on the INV link are led to what is currently showing as a blank page but is suspected to serve a malicious file
download. - The red flag in this scam is that the real Xero invoices using a PDF attachment rather than a link to an external website.
4. Optus
- Optus have once again been targets of cyber crime.
- In this latest scam and appearing in several variations using the domain ‘optusnet.com.au’, this one is designed to result in running a
malicious .vbs file. - In the first example, sent in plain text format, the scam advises recipients that their ‘Public Question/Statement Time Request Form’ is
attached. - The email body claims the copy is attached as a ‘MS Wd’ as the form made the font very small; however the attached is a password protected
ZIP archive and if accessed using the password in the email, contains a malicious VBS file.
- The second example states that it is for a Federal Police Check and asks the recipient to review it.
- The body of the email advises that their application is attached; however no files are attached to the email. Instead the words ‘attached
application’ and ‘your application’ are linked to a .zip file download which contains the malicious VBS file.
.
5. Invoice2Go
- In this latest scam, cyber criminals are sending hoax invoice notifications purporting to be from the popular invoicing app, Invoice2Go.
- Sent by one of several compromised accounts, the display name ‘Invoice2go’ is used and advises recipients that their ‘invoice has not been
opened yet’ and includes a link to view the invoice. - Currently leading to a blank page, it has been discovered in some cases that the link triggers a download of a malicious file.
- Looking quite convincing due to the inclusions of Invoice2Go’s branding and logo, the usage of the subject ‘unopened invoice’ also
creates a sense of mystery and urgency prompting the recipient to view the invoice.
If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300
478 738
or email us at info@suretyit.com.au.
