Surety IT Security Alert – July 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of –

1. Xero invoice scam

  • A new phishing scam has been detected that looks like it has been sent through Xero.
  • It encourages the recipient to click through to the invoice.
  • The link in the message takes the victim to a compromised SharePoint site where malicious content is downloaded and executed.
  • The malicious software (JavaScript) is typically used to track on-page activity and often precedes data theft and social engineering
    attempts.

2. Fake Telstra email



  • A new phishing scam has been detected that has brand-jacked Telstra.
  • This phishing email is a very convincing forgery of a Telstra email notification and login portal. 
  • The sender display email address is also realistic, shown as – telstramailbill_noreply@online.telstra.com
  • The link in the message actually takes victims of this scam to a phishing website, which again is very realistic (shown below)
  • Once the victim inputs their credentials in the page below, they are forwarded to a second page which harvests their personal data and
    credit card details.


3. Fake LinkedIn request


  • A new scam has been detected that claims to be a LinkedIn invitation from "Professor Barry James Marshall".
  • This is a phishing scam designed to harvest your LinkedIn login credentials.
  • A search of LinkedIn reveals that "Professor Barry James Marshall" is a bogus account name that doesn’t exist.


4. Law Council of Australia brand-jacking




  • A new phishing scam has been detected that exploits the trademarks of the Law Council of Australia, Office 365, Yahoo,
    GoDaddy, Hotmail, AOL, The Law Institute of Victoria and others.
  • The scam is aimed at collecting login names and passwords of victims.
  • The simple scam email is in plain text.
  • When the recipient clicks on the link, they are taken to a PDF document with a malicious link that opens a phishing page.
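
A triage check for the pattern in scams 1, 2 and 4 above, where a message claims a known brand but its links lead somewhere else. This is an added example, not Surety IT's code; the brand allowlist, the sample message, its authentication header and its link hosts are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"telstra.com"}  # assumption: domains the real sender uses
# Constructed sample message; the link hosts are invented for illustration.
SAMPLE = """\
From: Telstra <telstramailbill_noreply@online.telstra.com>
Subject: Your bill is ready
Authentication-Results: mx.example.org; spf=fail; dmarc=fail
Content-Type: text/html; charset="utf-8"

<p>Your bill is ready. <a href="https://login.billing-portal.example/in">View</a>
<a href="https://www.telstra.com/">Home</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw_message, brand_domains):
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    found = re.search(r"\bdmarc=(\w+)", auth)
    dmarc = found.group(1).lower() if found else "none"
    links, body = LinkCollector(), msg.get_body(preferencelist=("html",))
    if body is not None:
        links.feed(body.get_content())
    hosts = {urlsplit(h).hostname or h for h in links.hrefs}
    off_brand = sorted(h for h in hosts if not under(h, brand_domains))
    claims = under(from_domain, brand_domains)
    return {"claims_brand": claims, "dmarc": dmarc, "off_brand_hosts": off_brand,
            "suspicious": claims and (dmarc != "pass" or bool(off_brand))}

if __name__ == "__main__":
    print(triage(SAMPLE, BRAND_DOMAINS))
```

Legitimate mail often routes links through third-party hosts, so an off-brand link on its own is a reason to review a message rather than a verdict.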


If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience, having created customised, stable, well-performing systems both for multi-national companies in the UK and Australia and for Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission-critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value-based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
