Surety IT Security Alert – July 2020


Surety IT provides a monthly security alert on the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

Australian Taxation Office Spoofed

  • This latest spoofing email is yet another variation of the ATO scams distributed over the years.
  • The emails use a display name of “ATO” followed by an email address beginning with “admin@”. The domain used to send these emails does not belong to the ATO.
  • The email is titled “ATO (Australian Taxation Office) has shard INV_43189_CO.pdf” and incorporates the Adobe Logo.
  • Recipients are informed that an amount is owing and “to avoid any interest or penalties”, they should pay the ATO by the deadline.
  • If the link is clicked, recipients are led to a phishing page that claims that “this file is protected by Adobe Technology” and asks them to enter their login credentials.
  • This scam is designed to harvest email login details.
  • Red flags include the recipient not being addressed directly, the ‘from’ field in the email not using an ATO domain, and the presence of grammatical errors.

ATO Scam 2020

Office 365 & Dropbox Spoofed

  • The emails use a display name of “Dropbox” and are sent from compromised Dropbox email accounts.
  • Contains the Dropbox logo and is designed to look as though it is an official Dropbox notification.
  • Recipients are informed that a file titled “PO.PDF” was sent using Dropbox Transfer and that the file will expire within 6 days.
  • Those who click on the link are led to a high-quality, fake-branded, Dropbox-hosted domain with links to Dropbox support pages. It contains another link to “Download” the PDF, which carries the Office 365 logo.
  • Clicking the “Access Document” link leads recipients to a phishing page hosted on Google Docs titled “OneDrive”, where users are told to “sign in” using their email accounts. If they do, they are advised that the download “has automatically been saved to your OneDrive Folder”.
  • The downloaded PDF, rather than the email, contains the malicious links. This technique is used intentionally to bypass email security filters.
  • Red flags within this latest scam include the recipient not being addressed directly and the domain within the PDF not belonging to Office 365.
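The sender red flag from the ATO scam, and why it does not catch the Dropbox one, shown as an added example that is not part of the original alert. The brand-to-domain allowlist and the sample messages are constructed assumptions; only the display names, the “admin@” prefix and the ATO subject line come from the alert.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends from (not listed in the alert).
BRAND_DOMAINS = {
    "ato": {"ato.gov.au"},
    "australian taxation office": {"ato.gov.au"},
    "dropbox": {"dropbox.com"},
}

# Constructed sample messages; example.net stands in for the scammer's domain.
ATO_SAMPLE = ("From: ATO <admin@example.net>\n"
              "Subject: ATO (Australian Taxation Office) has shard INV_43189_CO.pdf\n\n"
              "An amount is owing.\n")
LOOKALIKE_SAMPLE = "From: ATO <admin@ato.gov.au.example.net>\n\nPay now.\n"
DROPBOX_SAMPLE = "From: Dropbox <no-reply@dropbox.com>\n\nPO.PDF expires in 6 days.\n"

def sender_domain_ok(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_from_header(raw_message):
    """Return (verdict, detail) for display-name brand impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ("suspicious", "no parsable sender address")
    domain = addr.rsplit("@", 1)[1].lower()
    name = display.strip().lower()
    for brand, allowed in BRAND_DOMAINS.items():
        # Match the brand as the whole display name or as its first word(s).
        if name == brand or name.startswith(brand + " "):
            if sender_domain_ok(domain, allowed):
                return ("brand-match", f"{brand} from {domain}")
            return ("suspicious", f"display name '{display}' but domain {domain}")
    return ("no-brand", domain)

if __name__ == "__main__":
    for sample in (ATO_SAMPLE, LOOKALIKE_SAMPLE, DROPBOX_SAMPLE):
        print(check_from_header(sample))
```

The Dropbox sample returns `brand-match` because the message really is sent from a Dropbox account, so a sender check alone passes it; the domain of the link inside the PDF is the red flag to check in that case.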

Dropbox Scam

An example of a business email compromise scam

COVID-19 Scams

Scammers continue to use the spread of COVID-19 (coronavirus) to take advantage of people across Australia, with a wide range of scams including phishing scams, superannuation scams, online shopping scams, and scams specifically targeting businesses.

Business Scam example

Scammers are using COVID-19 in business email compromise scams by pretending to be a supplier or business you usually deal with. Scammers are using COVID-19 as an excuse to divert your usual account payments to a different bank account. Your payment goes to the scammer instead of the real business.

If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
