Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
You need to be particularly aware of –
1. Fake infringement notice
- These scam messages are coming from a wide variety of email accounts, including –
- Jody Charles: firstname.lastname@example.org
- Aidan Murphy: email@example.com
- Billy Campbell: firstname.lastname@example.org
- Jenson Roberts: email@example.com
- Logan Saunders: firstname.lastname@example.org
- Billy Campbell: email@example.com
- Jacob Parry: firstname.lastname@example.org
- Stephen Oliver: email@example.com
- Hayden Reynolds: firstname.lastname@example.org
- Jenson Roberts: email@example.com
- Derrick Jackson: firstname.lastname@example.org
- Paxton Dunlap: email@example.com
- Ben Moore: firstname.lastname@example.org
- Cyrus Weber: email@example.com
- Ethan Anderson: firstname.lastname@example.org
- There are several variations of the email with different amounts and office names
- If the link in the email is clicked on it downloads malware to a victims computer
2. Login data scam
- A new phishing scam has been detected that tries to harvest a victim’s login details.
- If the link in the email is clicked on, it points to a fake email login page asking for the victim’s login data.
- Information harvested in this scam is used to defraud victims.
3. New MYOB brand-jacking scam
- A new scam has been detected that shows MYOB branding and is supposedly a document notification email.
- The attached file contains malware that will infect a victim’s computer.
4. Quote request scam
- The email in the screenshot above is a scam message and is meant to look like a quote request.
- There are several grammar errors in the email.
- If the attachment is clicked on, it will install malware on the victim’s computer.
5. One Drive brand-jacking
- There is a new scam that tries to harvest victim’s Office 365 credentials.
- If the victim clicks on the "Check Pay Doc" link they are directed to a fake Office 365 login page.
- If the victim then enters their credentials into the login page, their details are harvested and used to defraud them.