Surety IT Security Alert – December 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Telstra

• In attempt to deliver a malicious Jar file download, Telstra have been impersonated as the subject of this latest email scam.
• Disguised as an invoice within a ZIP attachment, the email subject reads “Your new Telstra bill for account is attached”
• With Telstra as the display name, authentic looking branding and addressed to ‘Dear Valued Customer’, the formatting of the email is not consistent with a normal Telstra invoice and also isn’t sent from a Telstra email domain.

2. ANZ

• Featuring the NZ Black Caps, this email scam purporting to be from ANZ Banking Group, aims to obtain recipient account details.
• Advising that ‘Online Banking is Now Blocked’ for security purposes, recipients are prompted to verify their identity to unlock their account by going to a fake ANZ Internet banking login page.
• Once details are entered, recipients will receive a “Oops! Something went wrong. Please try again” message.
• The email also contains an array of links to marketing campaigns from ANZ.
• Red flags contained in this brand jacking attempt include the from address being from a suspicious domain; special characters used in the subject and at the beginning of the message body.

3. Adobe Document Cloud

• Disguised as an e-invite to an “end of year event”; this phishing scam contains Adobe Document Cloud branding and is designed to harvest confidential details.
• Containing a download link to ‘open’ the invitation, the email ends with a thank you note purporting to be from ‘The AdobeCloud Team’
• Those who click on the link are redirected to a fake One Drive branded page to view the invite.
• Spacing & formatting errors appear throughout which should alert users to it’s illegitimacy.

4. WeTransfer

• Using a display name of “WeTransfer”; this latest scam came from one of several malicious senders.
• Poorly formatted and containing a link to ‘Download your docs here’; recipients are led to a fake branded WeTransfer login page.
• Upon logging in and clicking the ‘download file’ link; users are shown a message stating that the password entered is incorrect.
• Red flags include the recipients email address used withing the email body & subject; as well as no user-specific information being used.

5. Spotify

• Impersonating Spotify by using the company’s logo and using the display name ‘Spotify’; this email scam claims that ‘Your Payment didn’t go through’.
• Recipients are informed that their subscription has been paused due to payment not being accepted and as a result ‘you will now start hearing ads’
• Those who click on the ‘Get Premium’ link to fix the ‘problem’ are led to a fake branded Spotify phishing page which requests login details as well as credit card information & billing address details upon ‘logging in’.
• Red flags include sevveral spacing and formatting errors throughout the email.

6. Commonwealth Bank

• Using various display names, each containing ‘CommBank’; this email scam originates from multiple senders belonging to different domains created specially for this scam.
• Requesting activity confirmation; a link is provided to verify your ‘transaction details’ which leads to a different bit.ly page. This then redirects to a ‘commbonk’ domain masquerading as a fake Commonwealth bank sign-in page.
• Client number and passwords are then harvested should recipients enter these details into the fake sign-in page.

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300 478 738 or email us at  info@suretyit.com.au.