Surety IT Security Alert – August 2018

Share on facebook
Share on twitter
Share on linkedin
Share on pocket

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of  –

1. Telstra bill scam




  • A new phishing scam has been detected that looks like it has been sent by Telstra.
  • It encourages the recipient to ‘pay now’.
  • The link in the message takes the victim to a phishing page made to look like a real Telstra login portal.
  • The phishing page harvests the personal data and password of the victim and forwards them to a second page which collects their credit
    card details.
  • To identify the scam,  If you look at the website address for the portal, you will see that it is not a Telstra website.

2. CBA email scam 

  • A new phishing scam has been detected that has brand-jacked CBA.
  • This phishing email hopes that the victim clicks on the link which directs them to a fake but convincing CBA login page.
  • If the victim inputs their details the scammers have all of the details they need to access the account and take any money in it.


3. Office 365 brand-jacking

  • A new scam has been detected that claims to be from Microsoft.
  • If a victim clicks on the "Recover Messages" link they are directed to a fake Microsoft login portal set up to harvest their
    login credentials.
  • If the victim enters their credentials they are then directed to a genuine Microsoft website, so it looks like nothing is amiss.

4. NAB brand-jacking

  • This new scam email uses NAB branding to try and persuade victims that it is genuine.
  • There is a pdf attachment which links to a file hosted on Dropbox. 
  • The file contains malicious software which when opened automatically installs on the victim’s computer.

 

5. Fake OneDrive notification


  • A new scam has been detected that claims to be from Microsoft OneDrive.
  • If a victim clicks on the "View Completed Document" link they are directed to a fake OneDrive login portal set up to harvest their
    login credentials.


5. Fake American Express Notification


  • A new scam has been detected that claims to be from American Express.
  • It tries to convince the recipient to register on-line to access your paperless statements.
  • The link points to a phishing page that has been set up to harvest the victim’s email credentials.
  • The giveaway is that the email address from OnlineServices@mail.ziggo.nl.



If you’d like any further information, assistance with your cyber security or you don’t know where to start
please call us on   1300 478 738
 or
email us at 
info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top