Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of –
1. Office 365
- Sent via a compromised email address and purporting to be from Office 365, a new phishing scam is landing in inboxes informing recipients that some messages have been delayed due to them being identified as spam.
- It advises that the recipient can review these and choose how to proceed by clicking the “Review Message” link.
- Those who click on the link are redirected to a Microsoft blob-hosted phishing page which looks like the actual Office 365 login screen and are requested to select their account from a list.
- Should they click on the account, they are then requested to enter their password and click login, which causes the page to indicate it is loading.
- Red flags in this scam include that the email body isn’t well-formatted and contains grammatical & spacing errors.
2. Audio Email
- Uses the display name of “Notifications”, is titled “You Have Received An AudioEmail” and is sent from a compromised email account
- Advises recipients that they have received a new ‘Audio Email’ from their address book and that a call back is required
- Details on the supposed audio note, including duration, date & time, are attached, along with a link to listen to the full message.
- Those who click on the link are led to a compromised SharePoint account which provides another link to listen to the full message.
- Should the ‘Listen to Full Message Here’ link be clicked, recipients are led to a OneDrive for Business page which states that the file cannot be previewed and includes another link to open the full file.
- The recipient is then directed to a phishing page purporting to be Microsoft which appears as a legitimate sign-in page.
3. Microsoft
- Sent via a compromised email account, the display name corresponds to the recipient’s email address and the email is titled ‘error message’
- The email informs recipients that their emails are stuck on the server pending their session ‘revalidation’ as they are ‘still using an outdated email settings’.
- They are then directed via a link to use a ‘maintenance portal’ to update and retrieve their messages.
- Those who click on the link are taken to a Microsoft Forms hosted form titled ‘Microsoft Maintenance Portal’ which requests email and password details.
- Once the details are submitted, users are directed to another portal page that confirms their response was submitted successfully.
4. Dropbox
- Sent via a single compromised domain and appears as an auto-generated email from Dropbox
- Including a purchase order reference number, the email informs recipients that a new purchase order has been shared with them and to click a link to view the purchase order.
- Recipients who click on the ‘View File’ button are led to a highly suspicious blank page that is not associated with Dropbox which contains an error message.
5. Suncorp
- Originally sent from the forged ‘suncorp.com.au’ domain in an attempt to harvest login credentials, the email is titled ‘ACTION REQUIRED: Verify your ID for next level security’ and contains a short message requesting ID verification to be completed via a link.
- Those who click on the ‘Verify Now’ button are redirected to a Suncorp branded phishing page that requests their account ID and password as well as the secret token code.
- Once logged in, recipients are taken to a photo ID verification page which directs them to upload a photo of a legal identification document such as their passport. They are then requested to input additional personal details such as address, date of birth and phone number.
- Once users click on the ‘update’ button, they are led to a ‘thank you’ page informing them that they have successfully finished verifying their ID, and are then redirected to the login page.
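
The red flags in the Microsoft-themed scams above (items 1 to 3) can be checked mechanically when a suspicious email is reported. The following Python is an added example, not Surety IT's own tooling: the Azure Blob Storage and Microsoft Forms hostnames, the function name and the flag names are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: public hostnames of Azure Blob Storage and Microsoft Forms.
BLOB_SUFFIX = ".blob.core.windows.net"
FORMS_HOSTS = {"forms.office.com", "forms.microsoft.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def triage(raw_email: str) -> list[str]:
    """Return the red flags from this alert that a raw message matches."""
    msg = message_from_string(raw_email)
    display, _sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    subject = msg.get("Subject", "")
    # Collect text from every non-container part (plain or HTML).
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    flags = set()
    # Scam 3: the display name is the recipient's own address.
    if recipient and display.strip().lower() == recipient.lower():
        flags.add("display-name-is-recipient")
    # Scam 2: "Notifications" sender with the AudioEmail subject line.
    if display.strip().lower() == "notifications" and "audioemail" in subject.lower():
        flags.add("audio-email-lure")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host.endswith(BLOB_SUFFIX):   # Scam 1: login page on blob storage
            flags.add("link-to-blob-storage")
        elif host in FORMS_HOSTS:        # Scam 3: "maintenance portal" form
            flags.add("link-to-microsoft-forms")
    return sorted(flags)


# Constructed sample modelled on scam 3; addresses and URL are made up.
SAMPLE = """\
From: "jane@victim.example" <bob@partner.example>
To: jane@victim.example
Subject: error message

Your emails are stuck on the server pending session revalidation.
Maintenance portal: https://forms.office.com/r/CONSTRUCTED
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Blob storage and Microsoft Forms links also appear in legitimate mail, so a flag marks a message for review rather than proving it is a scam.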
If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.