Surety IT Security Alert – February 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Telstra and DocuSign

  • In order to boost legitimacy, cybercriminals have gone a step further and included both Telstra and DocuSign in this latest email scam.
  • The email advises recipients that Telstra has sent them a document to review and sign.
  • Sent from a supposed contact from a Telstra Business Centre branch, their name is used in multiple locations including the message body.

 

 

  • Recipients who click on the link ‘Review Document’ may initiate a malicious file download to their computer.

2. Netflix

  • Using a display name of ‘NETFLlX’ with a lower case ‘L’ to replace the ‘i’, this message advises recipients that their account has been
    suspended due to verification issues.

 

 

  • The link ‘Update Your Details’ leads to a Netflix branded phising page

 

 

  • This phishing scam goes to great lengths to incorporate the exact colour scheme, logo, fonts and popular images found on Netflix pages
    to further convince recipients of the legitimacy of the email.
  • Red flags on this email include, grammatical and spelling errors with the message body as well as spacing errors.

3. Apple Store

  • In this latest phishing scam, emails claiming to be from Apple Store are infiltrating inboxes.
  • Informing of an invoice arrival, recipients are advised to open a PDF in order to view the invoice.

 

  • The PDF attachment contains a receipt for the purchase of a mobile game called “Mobile Legends Bang Bang’ and contains several
    elements to make the receipt look legitimate.
  • The receipt also advises users to cancel the purchase immediately if they did not make the purchase or if they believe an unauthorised
    person has accessed their account.

 

  • Should recipients click ‘Cancel and Manage Purchasing’, they are redirected to a legitimate looking Apple login page which is designed
    to steal their login details.

 

  •  Red flags contained in this scam include the email not addressing the recipient directly and several spacing and grammatical errors.

4. Local Bitcoins

  • Claiming to be from LocalBitcoins, this latest phishing scam use details of the same compromised account in both the sender and
    recipient fields.
  • Informing recipients that LocalBitcoins is currently undergoing a maintenance exercise and as such need to verify and upgrade their user
    account via a provided link.
  • Also advises that failure to do so may result in the cancellation of their account.

 

 

  • Those who click on the link are directed to a legitimate looking LocalBitcoiuns webpage which includes the logo and branding of the
    actual LocalBitcoins website.
  • Users are then asked for their username and password, as well as their email and email password.

 

 

  • Once the form is submitted, users are redirected to the actual LocalBitcoins login page.
  • Red flags to watch out for in this scam include the email not addressing the recipient by name, the body of the email containing spelling
    and spacing errors and also including a mix of lowercase and uppercase letters in a sentence.

5. Optus

  • In a currently ongoing scam, emails are hitting inboxes claiming to be from Optus using the domain ‘optusnet.com.au’
  • Appearing in multiple variations as seen below, the emails contain similar formatting with most appearing in plain-text form.
  • Advising recipients that a document is available, the link, if clicked, leads to a malicious file download.

 

 


 

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at  info@suretyit.com.au.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top