Surety IT Security Alert – January 2020

Share on facebook
Share on twitter
Share on linkedin
Share on pocket
Security Alert

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Netflix

  • With a display name of NETFLIX, this latest email scam is sent from a compromised email account and advises recipients that ‘Your Netflix Membership is on hold’
  • The verification link in the body of the email directs users to a fake Netflix sign in attempt to harvest credentials.
  • Warning users that failing to complete the validation will lead to account suspension, the final stage of the scam is a page designed to obtain billing information, including social security number and date of birth.

Netflix Scam


2. ANZ

  • Sent from a compromised email account, this most recent phishing scam impersonates ANZ Bank.
  • Contains a link to ‘Log on & View Your Message’ which leads to a legitimate looking ANZ Internet Banking login page designed to harvest credentials.
  • More sensitive data is also requested by providing answers to five security questions.
  • Red flags to look out for in this scam, include, grammar and punctuation mistakes and also how the content is formatted.

ANZ Scam


3. Microsoft

  • Purporting to be from Microsoft, this latest email scam is designed to harvest email addresses and passwords.
  • Sent from a single compromised email, the subject and the ‘to’ fields contain the email address of the recipient; whilst the ‘from’ field uses a forged Microsoft domain.
  • Advises recipients that ‘all old versions and non-active users from (12/01/2020) will be closed’ and that their email address will be deleted if not confirmed.
  • Those who click on the link are directed to a ‘Roundcube’ login page which is not a Microsoft domain pointing to the illegitimacy of the email.

Microsoft Scam

 


4. Latitude Financial

  • Sent from a compromised mail server and using a forged Latitude Financial domain, this email scam targets users to harvest confidential details.
  • With a subject of ‘Action Required’ the body of the email contains branding obtained from legitimate messages and advises recipients that account access has been temporarily disabled for identity check.
  • Those who click on the ‘Activate’ link are directed to a convincing copy of Latitude Financial’s website.
  • Red flags include the email not addressed directly within the body and containing spacing errors.

Latitude Scam

 


5. Dailpad

  • Masquerading as a voicemail notification, this email scam comes from a malicious sender and is designed to harvest email credentials.
  • Titled ‘Voicemail recieved at 10:23 am’ and sent from ‘Dailpad’ contains a short transcript of the voicemail with a link directing users to a fake OneDrive branded phishing page.
  • Those who click on the link are given the option to login using one of 3 different email providers – Office 365, Outlook and Other Mail – which if clicked on, leads to the fake login pages containing the branding of chosen provider.
  • Containing spelling errors and also not addressed directly should alert recipients to the illegitimacy of this email.

Dailpad Scam

 


If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on  1300 478 738 or Email us

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top