Surety IT Security Alert – August 2019


Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. PayPal

  • PayPal has been spoofed in this latest multi-stage phishing email scam, which ironically uses safety features to steal users’ confidential data.
  • Sent using a compromised account of the newsletter email service ( and using the display name “PayPal”, this email is a ‘quick confirmation’ of a ‘new email address being added to their PayPal account’
  • Recipients who click on the link ‘let us know right away’ are led to a convincing copy of the PayPal website and are first shown a ‘loading’ page containing the PayPal logo.
  • This page then leads recipients to another PayPal-branded login page requesting an email address or a mobile number; upon clicking next, they are asked to enter their password. Once logged in, recipients are asked to update their billing address and credit card information.
  • Once all details are submitted, recipients are then directed to the actual PayPal website.

2. Review Document

  • Sent by a single compromised domain, this email to ‘review document’ may contain a malicious payload.
  • Presented as a credible, well-crafted fake DocuSign notification, it informs recipients that ‘Unicoi State Park & Lodge’ has sent them a document.
  • Those who click on the link are led to what currently is a blank page, but it is important to note that malicious 3rd parties can use these links as a platform for future attacks.
  • Several techniques have been used in this particular email to make it look like a genuine notification from DocuSign and as their service requires users to click a link to download files, it is a convenient trojan horse for malicious attacks.

3. Remittance Advice

  • Masquerading as ‘remittance advice’, this latest malicious email originates from 3 different compromised domains.
  • Appearing in plain-text form with an extremely short message body, the email has a subject line advising recipients of a ‘remittance advice attached’.
  • Those who click on the PDF attachment are led to a fake OneDrive page hosted on
  • Should recipients click on the ‘View Document’ button, they are led to the actual phishing page which is a multi-platform login form giving options to login using Office 365, Outlook and other email domains.
  • Using high-definition graphics and branding of well-known email providers, this email has boosted the scam’s authenticity by giving an option to use an email address of their choosing which is normally expected from credible and well-established file-hosting services such as

4. Voicemail

  • Sent via a different sender, the beginning of the email address is randomly generated and each email subject is customised with the domain name of the recipient.
  • Recipients who click on the attachment are led to a fake Microsoft login page.
  • Designed to harvest confidential details, this email scam preys on the curiosity of recipients who may not be expecting a voice message and contains red flags such as the lack of a message in the email body and an unknown domain.

5. Facebook

  • Using the display name ‘Facebook’ with a domain to match, this email comes from a single compromised domain made specifically for this scam.
  • Titled ‘Action Required’, it informs recipients that their ability to post new ‘stories’ and/or ‘events’ has been disabled until their identity can be verified by providing scanned copies of valid IDs such as a driver’s license, passport or Medicare card.
  • Trying to spark panic and concern amongst recipients, this email contains red flags such as formatting errors and spacing issues.

6. eBay

  • Using the display name ‘eBay’, this latest email scam is being sent with the subject ‘eBay account restriction’.
  • Informs recipients that their ‘selling privileges’ have been restricted and ‘any active or pending listings have been removed’ due to ‘recent activity’ on the account.
  • Requests recipients to verify their identity by providing scanned copies of valid IDs such as their driver’s license or passport.
  • The email contains 4 steps on how to do so along with what happens after the documents are submitted.
  • Designed to harvest confidential data of eBay sellers, this scam contains several red flags including grammatical errors and spacing issues.
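
The display-name trick used in the PayPal, Facebook and eBay emails above can be checked at the mail gateway by comparing the brand a display name claims with the domain in the actual address. The following is an added example, not Surety IT's own tooling; the brand-to-domain map and the sample From headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends from; extend for your environment.
BRAND_DOMAINS = {
    "paypal": {"paypal.com", "paypal.com.au"},
    "facebook": {"facebook.com", "facebookmail.com"},
    "ebay": {"ebay.com", "ebay.com.au"},
}

def sender_domain(from_header):
    """Return (display_name, domain) parsed from a From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return name, domain

def is_brand_domain(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def spoofed_brand(from_header):
    """Return the brand the display name claims when the address domain
    does not belong to that brand, otherwise None."""
    name, domain = sender_domain(from_header)
    # Normalise "Pay Pal", "PayPal." etc. to "paypal" before matching.
    claimed = "".join(ch for ch in name.lower() if ch.isalnum())
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not is_brand_domain(domain, allowed):
            return brand
    return None

# Constructed sample headers; example.* domains are placeholders.
SAMPLES = [
    '"PayPal" <news@mailer.example.net>',               # brand name, unrelated sender
    'PayPal <service@intl.paypal.com>',                 # subdomain of a listed domain
    'Facebook <security@facebook-verify.example.org>',  # domain made to match the brand
    '"eBay" <notice@example.com>',
    'Alice Smith <alice@example.com>',                  # no brand claimed
]

def scan(headers):
    """Pair each header with the spoofed brand found (or None)."""
    return [(h, spoofed_brand(h)) for h in headers]

if __name__ == "__main__":
    for header, brand in scan(SAMPLES):
        print(f"{'FLAG ' + brand if brand else 'ok':<14} {header}")
```

A clean result only means the display name and address domain agree; the From address itself can be forged, so this check belongs alongside SPF, DKIM and DMARC results rather than in place of them.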

If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us at

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
