Surety IT Security Alert – December 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Telstra

  • In attempt to deliver a malicious Jar file download, Telstra have been impersonated as the subject of this latest email scam.
  • Disguised as an invoice within a ZIP attachment, the email subject reads “Your new Telstra bill for account is attached”
  • With Telstra as the display name, authentic looking branding and addressed to ‘Dear Valued Customer’, the formatting of the email is not consistent with a normal Telstra invoice and also isn’t sent from a Telstra email domain.

Telstra Scam

2. ANZ

  • Featuring the NZ Black Caps, this email scam purporting to be from ANZ Banking Group, aims to obtain recipient account details.
  • Advising that ‘Online Banking is Now Blocked’ for security purposes, recipients are prompted to verify their identity to unlock their account by going to a fake ANZ Internet banking login page.
  • Once details are entered, recipients will receive a “Oops! Something went wrong. Please try again” message.
  • The email also contains an array of links to marketing campaigns from ANZ.
  • Red flags contained in this brand jacking attempt include the from address being from a suspicious domain; special characters used in the subject and at the beginning of the message body.

ANZ Email Scam

3. Adobe Document Cloud

  • Disguised as an e-invite to an “end of year event”; this phishing scam contains Adobe Document Cloud branding and is designed to harvest confidential details.
  • Containing a download link to ‘open’ the invitation, the email ends with a thank you note purporting to be from ‘The AdobeCloud Team’
  • Those who click on the link are redirected to a fake One Drive branded page to view the invite.
  • Spacing & formatting errors appear throughout which should alert users to it’s illegitimacy.

Adobe Email Scam


4. WeTransfer

  • Using a display name of “WeTransfer”; this latest scam came from one of several malicious senders.
  • Poorly formatted and containing a link to ‘Download your docs here’; recipients are led to a fake branded WeTransfer login page.
  • Upon logging in and clicking the ‘download file’ link; users are shown a message stating that the password entered is incorrect.
  • Red flags include the recipients email address used withing the email body & subject; as well as no user-specific information being used.

WeTransfer Email Scam

5. Spotify

  • Impersonating Spotify by using the company’s logo and using the display name ‘Spotify’; this email scam claims that ‘Your Payment didn’t go through’.
  • Recipients are informed that their subscription has been paused due to payment not being accepted and as a result ‘you will now start hearing ads’
  • Those who click on the ‘Get Premium’ link to fix the ‘problem’ are led to a fake branded Spotify phishing page which requests login details as well as credit card information & billing address details upon ‘logging in’.
  • Red flags include sevveral spacing and formatting errors throughout the email.

Spotify Email Scam

6. Commonwealth Bank

  • Using various display names, each containing ‘CommBank’; this email scam originates from multiple senders belonging to different domains created specially for this scam.
  • Requesting activity confirmation; a link is provided to verify your ‘transaction details’ which leads to a different page. This then redirects to a ‘commbonk’ domain masquerading as a fake Commonwealth bank sign-in page.
  • Client number and passwords are then harvested should recipients enter these details into the fake sign-in page.

CommBank Email Scam

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300 478 738 or email us at

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top