Surety IT Security Alert – August 2019

Share on facebook
Share on twitter
Share on linkedin
Share on pocket
Cartoon depiction of scammer at a computer

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Paypal

  • PayPal have been spoofed in this latest multi-staged phishing email scam which ironically utilises safety features to steal confidential data of users.
  • Sent using a compromised account of the newsletter email service (newsletter.com.au) and using the display name “PayPal”, this email is a ‘quick confirmation’ of a ‘new email address being added to their PayPal account’
  • Recipients who click on the link ‘let us know right away’ are led to a convincing copy of the PayPal website and are first shown a ‘loading’ page containing the PayPal logo.
  • This page then leads recipients to another PayPal branded login page requesting an email or a mobile number and upon clicking next, are requested to enter their password. Once logged in, recipients are requested to update their billing address and credit card information.
  • Once all details are submitted, recipients are then directed to the actual PayPal website.

2. Review Document

  • Sent by a single compromised domain, this email to ‘review document’ may contain a malicious payload.
  • Presented by a credible and well-crafted looking DocuSign fake notification, it informs recipients that ‘Unicoi State Park & Lodge’ has sent them a document.
  • Those who click on the link are led to what currently is a blank page, but it is important to note that malicious 3rd parties can use these links as a platform for future attacks.
  • Several techniques have been used in this particular email to make it look like a genuine notification from DocuSign and as their service requires users to click a link to download files, it is a convenient trojan horse for malicious attacks.

3. Remittance Advice

  • Masquerading as ‘remittance advice’, this latest malicious email originates from 3 different compromised domains.
  • Appearing in plain-text form and an extremely short message body, the subject line advises recipients of a ‘remittance advice attached’
  • Those who click on the PDF attachment are led to a fake OneDrive page hosted on box.com
  • Should recipients click on the ‘View Document’ button, they are led to the actual phishing page which is a multi-platform login form giving options to login using Office 365, Outlook and other email domains.
  • Using high-definition graphics and branding of well-know email providers, this email has boosted the scam’s authenticity by giving an option to use an email address of their choosing which is normally expected from credible and well-established file-hosting services such as
    OneDrive.

4. Voicemail

  • Sent via a different sender, the beginning of the email address is randomly generated and each email subject is customised with the domain name of the recipient.
  • Recipients who click on the attachment are led to a fake Microsoft login page.
  • Designed to harvest confidential details, this emails scam preys on curiosity of recipients who my not be expecting a voice message and contains red flags such as the lack of a message in the email body and an unknown domain.

5. Facebook

  • Using the display name ‘Facebook’ with a domain to match, this email comes from a single compromised domain made specifically for this scam.
  • Titled ‘Action Required’, it informs recipients that their ability to post and new ‘stories’ and/or events’ has been disabled until their identity can be verified by providing scanned copies of valid IDs such as Drivers license, Passport or Medicare card.
  • Trying to spark panic and concern amongst recipients, this email contains red flags such as formatting errors and spacing issues.

6. Ebay

  • Using the display name ‘eBay’, this latest email scam is being sent with the subject ‘eBay account restriction’
  • Informs recipients that their ‘selling privileges’ have been restricted and ‘any active or pending listings have been removed’ due to ‘recent activity’ on the account.
  • Requests recipients to verify their identity by providing scanned copies of valid IDs such as their Drivers’ license or Passport
  • The email contains 4 steps on how to do so along with what happens after the documents are submitted.
  • Designed to harvest confidential data of eBay sellers, this scam contains several red flags including grammatical errors and spacing issues.

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300 478 738 or email us at  info@suretyit.com.au.

Find out how we can help with your IT challenges.
Talk to us today 1300 478 738 or Email

Subscribe for the latest industry news, updates and advice.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top