Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of:
1. Netflix
- With a display name of NETFLIX, this latest email scam is sent from a compromised email account and advises recipients that ‘Your Netflix Membership is on hold’
- The verification link in the body of the email directs users to a fake Netflix sign in attempt to harvest credentials.
- Warning users that failing to complete the validation will lead to account suspension, the final stage of the scam is a page designed to obtain billing information, including social security number and date of birth.
2. ANZ
- Sent from a compromised email account, this most recent phishing scam impersonates ANZ Bank.
- Contains a link to ‘Log on & View Your Message’ which leads to a legitimate looking ANZ Internet Banking login page designed to harvest credentials.
- More sensitive data is also requested by providing answers to five security questions.
- Red flags to look out for in this scam, include, grammar and punctuation mistakes and also how the content is formatted.
3. Microsoft
- Purporting to be from Microsoft, this latest email scam is designed to harvest email addresses and passwords.
- Sent from a single compromised email, the subject and the ‘to’ fields contain the email address of the recipient; whilst the ‘from’ field uses a forged Microsoft domain.
- Advises recipients that ‘all old versions and non-active users from (12/01/2020) will be closed’ and that their email address will be deleted if not confirmed.
- Those who click on the link are directed to a ‘Roundcube’ login page which is not a Microsoft domain pointing to the illegitimacy of the email.
4. Latitude Financial
- Sent from a compromised mail server and using a forged Latitude Financial domain, this email scam targets users to harvest confidential details.
- With a subject of ‘Action Required’ the body of the email contains branding obtained from legitimate messages and advises recipients that account access has been temporarily disabled for identity check.
- Those who click on the ‘Activate’ link are directed to a convincing copy of Latitude Financial’s website.
- Red flags include the email not addressed directly within the body and containing spacing errors.
5. Dailpad
- Masquerading as a voicemail notification, this email scam comes from a malicious sender and is designed to harvest email credentials.
- Titled ‘Voicemail recieved at 10:23 am’ and sent from ‘Dailpad’ contains a short transcript of the voicemail with a link directing users to a fake OneDrive branded phishing page.
- Those who click on the link are given the option to login using one of 3 different email providers – Office 365, Outlook and Other Mail – which if clicked on, leads to the fake login pages containing the branding of chosen provider.
- Containing spelling errors and also not addressed directly should alert recipients to the illegitimacy of this email.
If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on 1300 478 738 or Email us
