Surety IT Security Alert – December 2019

Share on facebook
Share on twitter
Share on linkedin
Share on pocket
Scam Alert

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Telstra

  • In attempt to deliver a malicious Jar file download, Telstra have been impersonated as the subject of this latest email scam.
  • Disguised as an invoice within a ZIP attachment, the email subject reads “Your new Telstra bill for account is attached”
  • With Telstra as the display name, authentic looking branding and addressed to ‘Dear Valued Customer’, the formatting of the email is not consistent with a normal Telstra invoice and also isn’t sent from a Telstra email domain.

Telstra Scam


2. ANZ

  • Featuring the NZ Black Caps, this email scam purporting to be from ANZ Banking Group, aims to obtain recipient account details.
  • Advising that ‘Online Banking is Now Blocked’ for security purposes, recipients are prompted to verify their identity to unlock their account by going to a fake ANZ Internet banking login page.
  • Once details are entered, recipients will receive a “Oops! Something went wrong. Please try again” message.
  • The email also contains an array of links to marketing campaigns from ANZ.
  • Red flags contained in this brand jacking attempt include the from address being from a suspicious domain; special characters used in the subject and at the beginning of the message body.

ANZ Email Scam


3. Adobe Document Cloud

  • Disguised as an e-invite to an “end of year event”; this phishing scam contains Adobe Document Cloud branding and is designed to harvest confidential details.
  • Containing a download link to ‘open’ the invitation, the email ends with a thank you note purporting to be from ‘The AdobeCloud Team’
  • Those who click on the link are redirected to a fake One Drive branded page to view the invite.
  • Spacing & formatting errors appear throughout which should alert users to it’s illegitimacy.

Adobe Email Scam

 


4. WeTransfer

  • Using a display name of “WeTransfer”; this latest scam came from one of several malicious senders.
  • Poorly formatted and containing a link to ‘Download your docs here’; recipients are led to a fake branded WeTransfer login page.
  • Upon logging in and clicking the ‘download file’ link; users are shown a message stating that the password entered is incorrect.
  • Red flags include the recipients email address used withing the email body & subject; as well as no user-specific information being used.

WeTransfer Email Scam


5. Spotify

  • Impersonating Spotify by using the company’s logo and using the display name ‘Spotify’; this email scam claims that ‘Your Payment didn’t go through’.
  • Recipients are informed that their subscription has been paused due to payment not being accepted and as a result ‘you will now start hearing ads’
  • Those who click on the ‘Get Premium’ link to fix the ‘problem’ are led to a fake branded Spotify phishing page which requests login details as well as credit card information & billing address details upon ‘logging in’.
  • Red flags include sevveral spacing and formatting errors throughout the email.

Spotify Email Scam


6. Commonwealth Bank

  • Using various display names, each containing ‘CommBank’; this email scam originates from multiple senders belonging to different domains created specially for this scam.
  • Requesting activity confirmation; a link is provided to verify your ‘transaction details’ which leads to a different bit.ly page. This then redirects to a ‘commbonk’ domain masquerading as a fake Commonwealth bank sign-in page.
  • Client number and passwords are then harvested should recipients enter these details into the fake sign-in page.

CommBank Email Scam

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300 478 738 or email us at  info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top