Surety IT Security Alert – July 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Office 365

  • Sent via a compromised email address and purporting to be from Office 365, a new phishing scam is landing in inboxes informing recipients
    that some messages have been delayed due to them being identified as spam.
  • It advises that the recipient can review these and choose how to proceed by clicking the "Review Message" link.

  • Those who click on the link are redirected to a Microsoft blob hosted phishing page which looks like the actual Office 365 login screen
    and are requested to select their account from a list.
  • Should they click on the account, they are then requested to enter their password and click login which causes the page to indicate it is
    loading.  

  • Red flags in this scam include that the email body isn’t well-formatted and contains grammatical & spacing errors.

2. Audio Email

  • Uses the display name of "Notifications", titled "You Have Received An AudioEmail" and sent from a compromised email
    account
  • Advises recipients that they have received a new ‘Audio Email’ from their address book and that a call back is required

  • Details on the supposed audio note, including duration, date & time are attached which also includes a link to listen to the full
    message. 

  • Those who click on the link are led to a compromised SharePoint account which provides another link to listen to the full message.
  • Should the ‘Listen to Full Message Here’ link be clicked, recipients are led to a OneDrive for Business page which states that the file
    cannot be previewed and includes another link to open the full file.

  • The recipient is then directed to a phishing page purporting to be Microsoft which appears as a legitimate sign in page. 


3. Microsoft

  • Sent via a compromised email account, the display name corresponds to the recipient’s email address and is titled ‘error message’
  • The email informs recipients that their emails are stuck on the server pending their session ‘revalidation’ as they are ‘still using an
    outdated email settings’.
  • They are then directed via a link to use a ‘maintenance portal’ to update and retrieve their messages.

  • Those who click on the link are taken to a Microsoft Forms hosted form titled ‘Microsoft Maintenance Portal’ which requests email and
    password details.

  • Once the details are submitted, users are directed to another portal page that confirms their response was submitted successfully.

4. Dropbox

  • Sent via a single compromised domain and appears as an auto-generated email from Dropbox.
  • Including a purchase order reference number, the email informs recipients that a new purchase order has been shared with them and to click
    a link to view the purchase order.

  • Recipients who click on the ‘View File’ button are led to a highly suspicious blank page that is not associated with Dropbox which
    contains an error message.

5. Suncorp

  • In an attempt to harvest login credentials and originally sent from the forged ‘suncorp.com.au’ domain, the email is titled ‘ACTION
    REQUIRED: Verify your ID for next level security’ and contains a short message requesting ID verification to be completed via a
    link.

  • Those who click on the ‘Verify Now’ button are redirected to a Suncorp branded phishing page that requests their account ID and password
    as well as the secret token code.

  • Once logged in, recipients are taken to a photo ID verification page which directs them to upload a photo of a legal identification
    document such as their passport. They are then requested to input additional personal details such as address, date of birth and phone
    number.

  • Once users click on the ‘update’ button, they are led to a ‘thank you’ page, informing them that they have successfully finished verifying
    their ID and are redirected to the login page.
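
For mail administrators, the indicators described in scams 1 to 5 can be turned into a first-pass triage check. The following is an added example, not Surety IT's own tooling: the subject lines and display-name tricks come from this alert, while the hostname suffixes for the Microsoft services and every address in the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject lines quoted in the alert, lower-cased for comparison.
ALERT_SUBJECTS = {
    "you have received an audioemail",
    "error message",
    "action required: verify your id for next level security",
}
# Services named in the alert; hostname suffixes are this example's assumption.
HOSTING = {
    "blob.core.windows.net": "Azure blob storage",
    "forms.office.com": "Microsoft Forms",
    "sharepoint.com": "SharePoint / OneDrive for Business",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(raw):
    """Return the reasons a raw message resembles a scam from the alert."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    display, sender, rcpt = display.strip().lower(), sender.lower(), rcpt.lower()
    reasons = []
    if (msg.get("Subject") or "").strip().lower() in ALERT_SUBJECTS:
        reasons.append("subject quoted in alert")
    if display == "notifications":
        reasons.append("generic 'Notifications' display name")
    if rcpt and display == rcpt and sender != rcpt:
        reasons.append("display name is the recipient's own address")
    # Raw text of every leaf part; encoded parts are not decoded here.
    body = " ".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        for suffix, service in HOSTING.items():
            if host == suffix or host.endswith("." + suffix):
                reasons.append(f"link hosted on {service}: {host}")
    return reasons

# Constructed sample modelled on scam 3; all addresses are placeholders.
SAMPLE = """\
From: "alex@example.org" <accounts@compromised.example>
To: alex@example.org
Subject: error message

Use the maintenance portal: https://forms.office.com/r/EXAMPLE
"""
```

Links to these Microsoft services are common in legitimate mail, so a hosting match is best treated as corroboration alongside a subject or display-name match rather than as a verdict on its own.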

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738
or email us at info@suretyit.com.au.

About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in-house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.