Surety IT Security Alert – December 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security

You need to be particularly aware of  –

1. NAB

  • A new phishing scam has been detected that claims to be from National Australia Bank
  • Appearing without a display name, the forged email address used is actually one that NAB have to send legitimate emails to
  • Informs recipients that there online banking account has been locked
  • The link in the email directs recipients to log into their account and takes them to a poorly designed copy of the NAB login page
  • Once on the login page, the victims are asked to input their NAB ID, Internet Banking Password and Telephone Banking Passcode
  • Once the ‘login’ button is clicked, they are redirected to the actual NAB site and the information is captured by the cyber
    criminals to access the user’s confidential data and funds.
  • Whilst this email contains the NAB logo, there are a few indicators that this is a scam such as the poorly worded ‘please log on click’ in
    the email, the NAB logo on the webpage appears pixelated and also covers the text behind it.

2. Generic Invoice

  • A new poorly designed email scam has been detected that leads recipients to a phishing page.
  • The email with 2 different subject lines contain grammatical errors – an instant red flag to those conscious of email security.
  • Containing no text other than the signature of the compromised account, both emails have a PDF file attached which includes a link to
    ‘view file’.
  • If the link is clicked, victims are directed to a fake Office 365 page which requests the users email address and password to view the

3. Virtual HQ

  • A new scam has been detected that claims to be an invoice from Virtual HQ
  • Incorporating Virtual HQ’s branding, the email uses a display name of ‘Virtual Headquarters’ and includes a compromised email address
    as its sending address.
  • Those who click on the link contained in the email are led to a blank page that is suspected to lead to a phishing page or a malicious
    file download.

4. Commbank


  • A new scam has been detected that has brandjacked Commonwealth Bank.
  • Sent using a display name of ‘CommBank’, this email comes from a compromised email account that belongs to a Research Institute in Sweden.
  • Simple and short, the email advises recipients that errors have been found on their account details.
  • Encouraging Users to confirm there profile details by clicking on a link, they are also advised that if they don’t confirm their
    details, they may have their access locked out.
  • Led to an CommBank branded phishing page, victims are tricked into revealing their bank account details which includes being asked to
    generate and enter a NetCode.
  • When the NetCode is entered, it fails the first time and once entered a second time, the user is redirected to the CommBank website.


 5. Microsoft Scam

  • Sent using a display name of ‘Microsoft Message Delivery Failure’ and with a message stating it’s from a Microsoft Trusted Source, this
    scam comes from a compromised email account
  • Claiming to be an error notification, it encourages users to click multiple malicious links


Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top