Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
You need to be particularly aware of –
1. Telstra bill scam
- A new phishing scam has been detected that looks like it has been sent by Telstra.
- It encourages the recipient to ‘pay now’.
- The link in the message takes the victim to a phishing page made to look like a real Telstra login portal.
- The phishing page harvests the personal data and password of the victim and forwards them to a second page which collects their credit
- To identify the scam, If you look at the website address for the portal, you will see that it is not a Telstra website.
2. CBA email scam
- A new phishing scam has been detected that has brand-jacked CBA.
- This phishing email hopes that the victim clicks on the link which directs them to a fake but convincing CBA login page.
- If the victim inputs their details the scammers have all of the details they need to access the account and take any money in it.
3. Office 365 brand-jacking
- A new scam has been detected that claims to be from Microsoft.
- If a victim clicks on the “Recover Messages” link they are directed to a fake Microsoft login portal set up to harvest their
- If the victim enters their credentials they are then directed to a genuine Microsoft website, so it looks like nothing is amiss.
4. NAB brand-jacking
- This new scam email uses NAB branding to try and persuade victims that it is genuine.
- There is a pdf attachment which links to a file hosted on Dropbox.
- The file contains malicious software which when opened automatically installs on the victim’s computer.
5. Fake OneDrive notification
- A new scam has been detected that claims to be from Microsoft OneDrive.
- If a victim clicks on the “View Completed Document” link they are directed to a fake OneDrive login portal set up to harvest their
5. Fake American Express Notification
- A new scam has been detected that claims to be from American Express.
- It tries to convince the recipient to register on-line to access your paperless statements.
- The link points to a phishing page that has been set up to harvest the victim’s email credentials.
- The giveaway is that the email address from OnlineServices@mail.ziggo.nl.