Surety IT Security Alert – July 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of  –

1. Xero invoice scam

  • A new phishing scam has been detected that looks like it has been sent through Xero.
  • It encourages the recipient to click through to the invoice.
  • The link in the message takes the victim to a compromised Sharepoint site where malicious content is downloaded and executed.
  • The  malicious software (Javascript) is typically used to track on-page activity and often precedes data theft and social engineering
    attempts.

2. Fake Telstra email

  • A new phishing scam has been detected that has brand-jacked Telstra.
  • This phishing email is a very convincing forgery of a Telstra email notification and login portal.
  • The sender display email address is also realistic, shown as – telstramailbill_noreply@online.telstra.com
  • The link in the message actually takes victims of this scam to a phishing website, which again is very realistic (shown below)
  • Once the victim inputs their credentials in the page below, they are forwarded to a second page which harvests their personal data and
    credit card details.

3. Fake Linkedin request

  • A new scam has been detected that claims to be a Linkedin invitation from “Professor Barry James Marshall”.
  • This is a phishing scam designed to harvest your Linkedin login credentials.
  • A search of Linkedin reveals that “Professor Barry James Marshall” is a bogus account name that doesn’t exist.

4. Law Council of Australia brand-jacking

  • There is a new phishing scam that has been detected that is exploiting the trademarks of the Law Council of Australia, Office 365, Yahoo,
    GoDaddy, Hotmail, AOL, The Law Institute of Victoria and others.
  • The scam is aimed at collecting login names and passwords of victims.
  • The simple scam email is in plain text.
  • When the recipient clicks on the link, they are taken to a PDF document with a malicious link that opens a phishing page.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top