Surety IT Security Alert – December 2018

Share on facebook
Share on twitter
Share on linkedin
Share on pocket

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security

You need to be particularly aware of  –

1. NAB

  • A new phishing scam has been detected that claims to be from National Australia Bank

  • Appearing without a display name, the forged email address used is actually one that NAB have to send legitimate emails to
  • Informs recipients that there online banking account has been locked
  • The link in the email directs recipients to log into their account and takes them to a poorly designed copy of the NAB login page

  • Once on the login page, the victims are asked to input their NAB ID, Internet Banking Password and Telephone Banking Passcode
  • Once the ‘login’ button is clicked, they are redirected to the actual NAB site and the information is captured by the cyber
    criminals to access the user’s confidential data and funds. 
  • Whilst this email contains the NAB logo, there are a few indicators that this is a scam such as the poorly worded ‘please log on click’ in
    the email, the NAB logo on the webpage appears pixelated and also covers the text behind it.

2. Generic Invoice 

  • A new poorly designed email scam has been detected that leads recipients to a phishing page. 
  • The email with 2 different subject lines contain grammatical errors – an instant red flag to those conscious of email security.

  • Containing no text other than the signature of the compromised account, both emails have a PDF file attached which includes a link to
    ‘view file’.
  • If the link is clicked, victims are directed to a fake Office 365 page which requests the users email address and password to view the

3. Virtual HQ

  • A new scam has been detected that claims to be an invoice from Virtual HQ

  • Incorporating Virtual HQ’s branding, the email uses a display name of ‘Virtual Headquarters’ and includes a compromised email address
    as its sending address. 
  • Those who click on the link contained in the email are led to a blank page that is suspected to lead to a phishing page or a malicious
    file download.

4. Commbank

  • A new scam has been detected that has brandjacked Commonwealth Bank. 
  • Sent using a display name of ‘CommBank’, this email comes from a compromised email account that belongs to a Research Institute in Sweden.
  • Simple and short, the email advises recipients that errors have been found on their account details. 

  • Encouraging Users to confirm there profile details by clicking on a link, they are also advised that if they don’t confirm their
    details, they may have their access locked out.  
  • Led to an CommBank branded phishing page, victims are tricked into revealing their bank account details which includes being asked to
    generate and enter a NetCode.
  • When the NetCode is entered, it fails the first time and once entered a second time, the user is redirected to the CommBank website. 

 5. Microsoft Scam

  • Sent using a display name of ‘Microsoft Message Delivery Failure’ and with a message stating it’s from a Microsoft Trusted Source, this
    scam comes from a compromised email account

  • Claiming to be an error notification, it encourages users to click multiple malicious links

If you’d like any further information, assistance with your cyber security or you don’t know where to start
please call us on 1300 478 738
email us at

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top