Surety IT Security Alert – July 2019


Surety IT provides a monthly alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. Office 365

  • Sent via a compromised email address and purporting to be from Office 365, a new phishing scam is landing in inboxes informing recipients
    that some messages have been delayed due to them being identified as spam.
  • It advises that the recipient can review these and choose how to proceed by clicking the "Review Message" link.

  • Those who click on the link are redirected to a Microsoft blob hosted phishing page which looks like the actual Office 365 login screen
    and are requested to select their account from a list.
  • Should they click on the account, they are then requested to enter their password and click login which causes the page to indicate it is
    loading.  

  • Red flags in this scam include that the email body isn’t well-formatted and contains grammatical & spacing errors.

2. Audio Email

  • Uses the display name of "Notifications", is titled "You Have Received An AudioEmail" and is sent from a compromised email
    account.
  • Advises recipients that they have received a new ‘Audio Email’ from their address book and that a call back is required.

  • Details on the supposed audio note, including duration, date & time, are attached, along with a link to listen to the full
    message.

  • Those who click on the link are led to a compromised SharePoint account which provides another link to listen to the full message.
  • Should the ‘Listen to Full Message Here’ link be clicked, recipients are led to a OneDrive for Business page which states that the file
    cannot be previewed and includes another link to open the full file.

  • The recipient is then directed to a phishing page purporting to be Microsoft which appears as a legitimate sign-in page.


3. Microsoft

  • Sent via a compromised email account, the display name corresponds to the recipient’s email address and the email is titled ‘error message’.
  • The email informs recipients that their emails are stuck on the server pending their session ‘revalidation’ as they are ‘still using an
    outdated email settings’.
  • They are then directed via a link to use a ‘maintenance portal’ to update and retrieve their messages.

  • Those who click on the link are taken to a Microsoft Forms hosted form titled ‘Microsoft Maintenance Portal’ which requests email and
    password details.

  • Once the details are submitted, users are directed to another portal page that confirms their response was submitted successfully.

4. Dropbox

  • Sent via a single compromised domain and appears as an auto-generated email from Dropbox.
  • Including a purchase order reference number, the email informs recipients that a new purchase order has been shared with them and to click
    a link to view the purchase order.

  • Recipients who click on the ‘View File’ button are led to a highly suspicious blank page, not associated with Dropbox, which
    contains an error message.


5. Suncorp

  • Originally sent from the forged ‘suncorp.com.au’ domain in an attempt to harvest login credentials, the email is titled ‘ACTION
    REQUIRED: Verify your ID for next level security’ and contains a short message requesting ID verification to be completed via a
    link.

  • Those who click on the ‘Verify Now’ button are redirected to a Suncorp branded phishing page that requests their account ID and password
    as well as the secret token code.

  • Once logged in, recipients are taken to a photo ID verification page which directs them to upload a photo of a legal identification
    document such as their passport. They are then requested to input additional personal details such as address, date of birth and phone
    number.

  • Once users click on the ‘update’ button, they are led to a ‘thank you’ page, informing them that they have successfully finished verifying
    their ID and are redirected to the login page.
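
The indicators described in items 1 to 5, combined into a mail-triage check. This is an added example, not Surety IT's code. Because several of these lures link to content hosted on genuine Microsoft services, a link host is treated only as one signal alongside the subject, display-name and sender-authentication checks. Assumptions: the host suffixes chosen for those services, an `Authentication-Results` header stamped by the receiving mail server, and the constructed sample messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LURE_SUBJECTS = {  # subject lines quoted in the alert, lower-cased
    "you have received an audioemail",
    "error message",
    "action required: verify your id for next level security",
}
# Assumption: public host suffixes for blob storage, Forms, SharePoint/OneDrive.
MS_HOSTED = ("blob.core.windows.net", "forms.office.com", "sharepoint.com")

def triage(raw):
    """Return reasons a single-part text message resembles the alert's lures."""
    msg = message_from_string(raw)
    reasons = []
    display, _sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    if msg.get("Subject", "").strip().lower() in LURE_SUBJECTS:
        reasons.append("subject matches a lure in the alert")
    # 'Microsoft' lure: the display name is the recipient's own address.
    if recipient and display.strip().lower() == recipient.lower():
        reasons.append("display name equals recipient address")
    # Forged sender domain (Suncorp lure): use the receiving server's DMARC verdict.
    if re.search(r"\bdmarc=fail\b", msg.get("Authentication-Results", ""), re.I):
        reasons.append("DMARC failed for sender domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", str(msg.get_payload())):
        host = (urlparse(url).hostname or "").lower()
        if any(host == s or host.endswith("." + s) for s in MS_HOSTED):
            reasons.append("link to Microsoft-hosted content: " + host)
    return reasons

# Constructed samples, not real messages; example.* and PLACEHOLDER are made up.
SAMPLE_FORMS = """\
From: "pat@example.com" <accounts@compromised.example>
To: pat@example.com
Subject: error message

Use the maintenance portal: https://forms.office.com/r/PLACEHOLDER
"""
SAMPLE_FORGED = """\
From: Suncorp <noreply@suncorp.com.au>
To: pat@example.com
Subject: ACTION REQUIRED: Verify your ID for next level security
Authentication-Results: mx.example.com; dmarc=fail header.from=suncorp.com.au

Verify Now: https://verify.example/login
"""
```

A message that trips two or more reasons is a candidate for quarantine or user warning; a Microsoft-hosted link on its own is normal business traffic.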

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
