Surety IT Security Alert – July 2020

Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

Australian Taxation Office Spoofed

  • This latest spoofing email is yet another variation of the ATO scams distributed over the years.
  • Using a display name of “ATO” followed by the email address beginning with “admin@”, the domain used to send these emails does not belong to the ATO.
  • The email is titled “ATO (Australian Taxation Office) has shard INV_43189_CO.pdf” and incorporates the Adobe Logo.
  • Recipients are informed that an amount is owing and “to avoid any interest or penalties”, they should pay the ATO by the deadline.
  • If the link is clicked, recipients are led to a phishing page that claims that “this file is protected by Adobe Technology” and requests log in credentials to be entered.
  • This scam is designed to harvest email log in details.
  • Red flags include, the recipient not being addressed directly, the ‘from’ field in the email doesn’t use an ATO domain & the presence of grammatical errors.

ATO Scam 2020          ATO Scam 2020

Office 365 & Dropbox Spoofed

  • Uses a display name of “Dropbox”, and are sent from compromised Dropbox email accounts.
  • Contains the Dropbox logo and is designed to look as though it is an official Dropbox notification.
  • Recipients are informed that a file titled “PO.PDF” was sent using Dropbox Transfer and that the file will expire within 6 days.
  • Those who click on the link are led to a high-quality fake branded Dropbox hosted domain with links to Dropbox support pages which contains another link to “Download” the PDF which contains the Office 365 logo.
  • Clicking the “Access Document” link leads recipients to a phishing page hosted on Google Docs titled “OneDrive” where users are told to “sign in” using their email accounts which, if completed, advised that the download “has automatically been saved to your OneDrive Folder”.
  • The downloaded PDF rather than the email contains the malicious links which is a technique used intentionally to bypass email security filters.
  • Red flags within this latest scam include the recipient not being addressed directly and the domain within the PDF not belonging to Office 365.

Dropbox Scam

Dropbox Scam

Dropbox Scam

Dropbox Scam

business email compromise scam
An example of a business email compromise scam

Covid 19 Scams

Scammers continue to use the spread of COVID-19 (coronavirus) to take advantage of people across Australia, with a wide range of scams including phishing scams, superannuation scams, online shopping scams, and scams specifically targeting businesses.

Business Scam example

Scammers are using COVID-19 in business email compromise scams by pretending to be a supplier or business you usually deal with. Scammers are using COVID-19 as an excuse to divert your usual account payments to a different bank account. Your payment goes to the scammer instead of the real business.

If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on  1300 478 738 or Email us

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top