Surety IT Security Alert – January 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security

You need to be particularly aware of –

1. Telstra Bill Notifications

  • Masquerading as a bill notification from Telstra
  • Email is in plain text with no Telstra Branding
  • Advises recipients that their latest bill is ready to be viewed


  • Recipients who click on the link ‘View Bill’ are redirected to what currently shows as a loading page and is likely a Telstra branded
    phishing page or a malicious file download.

2. Returned Email Messages

  • Using a display name of ‘Message Center’ or ‘Message Centre’, this latest phishing scam advises recipients that their incoming
    messages are being returned.





  • Those who click on the ‘Recover Messages’ or ‘Click Here’ links are redirected to a legitimate looking fake Office 365 login page.

3. Bomb Threats Email Scam

  • Part of an extortion phishing scam and using random display names, cybercriminals are sending emails threatening to cause physical harm.



  • With circulation beginning in December 2018, the format and basic features of these emails are very similar to extortion scams seen
  • Two different variations of the email scam are being sent.
  • Appearing in plain-text format, the body of the email advises recipients that an explosive device has been placed in their building.
  • The second variant of the email advises recipients that someone has paid the sender of the email to ‘splash acid in their face’ or
    ’empty sourness in your visage’.
  • Both emails claim that if payment is made, the recipient will not be harmed.

4. Office 365

  • This latest scam detected is designed to steal your Office 365 login credentials.
  • Using a display name of “Message Center”, the emails appear to be sent from several compromised mail servers in Japan.
  • Appearing in plain-text, the email informs recipients that some incoming messages were rejected.



  • A link is included to ‘recover messages now’ which redirects to a fake login page incorporating the branding and logo of Office 365.



  • Those who click on the link will be asked to enter the login credentials on the fake site.
  • After the details have been collected by the scammers, they are then redirected to the legitimate Office 365 website.

5. CBA

  • In this latest email phishing scam, cybercriminals have spoofed the Commonwealth Bank.
  • Using the display name ‘Commbank’, the emails are titled “You’ve a new account statement – it includes an important notice”.
  • Appearing in plain-text format, the email contains a link to ‘read my statement now’.



  • If the link is clicked, victims are taken to a fake NetBank login page.


  • With the email containing formatting and grammatical errors, this phishing scam has obvious red flags for those vigilant on spotting email
  • Whilst the subject line is commonly used in legitimate notifications from CBA, account holders would know that they would never be
    directed to click on a link to view statements but instead login to there account to view the statement.

6. Energy Australia Brandjacked

  • Using a display name of ‘Energy Australia’, Australian inboxes are being flooded with fake ebill notifications claiming to be from
    Energy Australia
  • Advises the recipient that their latest bill is ready to be viewed



  • Should the ‘View eBill’ link be clicked, recipients will be led to a malicious file download or to a blank page.
  • The red flag on this email is the lack of a personalised addressee, the email states ‘Dear Customer’ as opposed to addressing any
    customers directly.

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top