Surety IT Security Alert – February 2019

Share on facebook
Share on twitter
Share on linkedin
Share on pocket

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Telstra and DocuSign

  • In order to boost legitimacy, cybercriminals have gone a step further and included both Telstra and DocuSign in this latest email scam.
  • The email advises recipients that Telstra has sent them a document to review and sign.
  • Sent from a supposed contact from a Telstra Business Centre branch, their name is used in multiple locations including the message body.

  • Recipients who click on the link ‘Review Document’ may initiate a malicious file download to their computer.

2. Netflix

  • Using a display name of ‘NETFLlX’ with a lower case ‘L’ to replace the ‘i’, this message advises recipients that their account has been
    suspended due to verification issues. 

  • The link ‘Update Your Details’ leads to a Netflix branded phising page

  • This phishing scam goes to great lengths to incorporate the exact colour scheme, logo, fonts and popular images found on Netflix pages
    to further convince recipients of the legitimacy of the email. 
  • Red flags on this email include, grammatical and spelling errors with the message body as well as spacing errors. 

3. Apple Store

  • In this latest phishing scam, emails claiming to be from Apple Store are infiltrating inboxes. 
  • Informing of an invoice arrival, recipients are advised to open a PDF in order to view the invoice.

  • The PDF attachment contains a receipt for the purchase of a mobile game called "Mobile Legends Bang Bang’ and contains several
    elements to make the receipt look legitimate. 
  • The receipt also advises users to cancel the purchase immediately if they did not make the purchase or if they believe an unauthorised
    person has accessed their account. 

  • Should recipients click ‘Cancel and Manage Purchasing’, they are redirected to a legitimate looking Apple login page which is designed
    to steal their login details.   

  •  Red flags contained in this scam include the email not addressing the recipient directly and several spacing and grammatical errors.

4. Local Bitcoins

  • Claiming to be from LocalBitcoins, this latest phishing scam use details of the same compromised account in both the sender and
    recipient fields.
  • Informing recipients that LocalBitcoins is currently undergoing a maintenance exercise and as such need to verify and upgrade their user
    account via a provided link. 
  • Also advises that failure to do so may result in the cancellation of their account. 

  • Those who click on the link are directed to a legitimate looking LocalBitcoiuns webpage which includes the logo and branding of the
    actual LocalBitcoins website. 
  • Users are then asked for their username and password, as well as their email and email password.

  • Once the form is submitted, users are redirected to the actual LocalBitcoins login page. 
  • Red flags to watch out for in this scam include the email not addressing the recipient by name, the body of the email containing spelling
    and spacing errors and also including a mix of lowercase and uppercase letters in a sentence. 

5. Optus

  • In a currently ongoing scam, emails are hitting inboxes claiming to be from Optus using the domain ‘optusnet.com.au’
  • Appearing in multiple variations as seen below, the emails contain similar formatting with most appearing in plain-text form.
  • Advising recipients that a document is available, the link, if clicked, leads to a malicious file download.


If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at  info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top