Surety IT Security Alert – January 2020

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Netflix

  • With a display name of NETFLIX, this latest email scam is sent from a compromised email account and advises recipients that ‘Your Netflix Membership is on hold’
  • The verification link in the body of the email directs users to a fake Netflix sign in attempt to harvest credentials.
  • Warning users that failing to complete the validation will lead to account suspension, the final stage of the scam is a page designed to obtain billing information, including social security number and date of birth.

Netflix Scam


2. ANZ

  • Sent from a compromised email account, this most recent phishing scam impersonates ANZ Bank.
  • Contains a link to ‘Log on & View Your Message’ which leads to a legitimate looking ANZ Internet Banking login page designed to harvest credentials.
  • More sensitive data is also requested by providing answers to five security questions.
  • Red flags to look out for in this scam, include, grammar and punctuation mistakes and also how the content is formatted.

ANZ Scam


3. Microsoft

  • Purporting to be from Microsoft, this latest email scam is designed to harvest email addresses and passwords.
  • Sent from a single compromised email, the subject and the ‘to’ fields contain the email address of the recipient; whilst the ‘from’ field uses a forged Microsoft domain.
  • Advises recipients that ‘all old versions and non-active users from (12/01/2020) will be closed’ and that their email address will be deleted if not confirmed.
  • Those who click on the link are directed to a ‘Roundcube’ login page which is not a Microsoft domain pointing to the illegitimacy of the email.

Microsoft Scam

 


4. Latitude Financial

  • Sent from a compromised mail server and using a forged Latitude Financial domain, this email scam targets users to harvest confidential details.
  • With a subject of ‘Action Required’ the body of the email contains branding obtained from legitimate messages and advises recipients that account access has been temporarily disabled for identity check.
  • Those who click on the ‘Activate’ link are directed to a convincing copy of Latitude Financial’s website.
  • Red flags include the email not addressed directly within the body and containing spacing errors.

Latitude Scam

 


5. Dailpad

  • Masquerading as a voicemail notification, this email scam comes from a malicious sender and is designed to harvest email credentials.
  • Titled ‘Voicemail recieved at 10:23 am’ and sent from ‘Dailpad’ contains a short transcript of the voicemail with a link directing users to a fake OneDrive branded phishing page.
  • Those who click on the link are given the option to login using one of 3 different email providers – Office 365, Outlook and Other Mail – which if clicked on, leads to the fake login pages containing the branding of chosen provider.
  • Containing spelling errors and also not addressed directly should alert recipients to the illegitimacy of this email.

Dailpad Scam

 


If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on  1300 478 738 or Email us

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top