Surety IT Security Alert – June 2019


Surety IT provides a monthly alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of –

1. ANZ

  • ANZ has once again been exploited in a phishing email scam that uses a display name of ‘ANZ’ and is titled ‘Successful BPAY Payment Advice’.
  • Payment-related details are provided in the email, including customer code, payment amount and date.

  • A link is included to ‘view transaction history and provide detail’ leading those who click on the URL to a legitimate looking copy of the
    ANZ login page. 

  • Once login details are entered, users are redirected to a page that simulates a blocked account scenario with 3 questions to be answered
    which then bounces back and advises that their answers are incorrect. 

  • By sending this email scam, cyber criminals are intending to break into bank accounts with the harvested login details.

2. BankWest

  • BankWest is the latest bank to be brandjacked, with customers informed via email that their ‘online access will be discontinued and
    deleted due to a failure to comply with our online update regulations’.

  • Recipients are then advised ‘To avoid the above action, use the Bank West online update form attached to this email’
  • The form requests extensive customer details including personal access number, secure code, telephone banking PIN, personal identity
    information as well as debit card number information.

  • A red flag in this email is that the banking logo on the form says bankBest instead of BankWest.
  • Should recipients complete all required details, the cybercriminals will be able to access all online and mobile banking as well as use
    the information for identity fraud.

3. Amazon Store Online

  • Fraudulent emails with legitimate looking Amazon store branding have been detected with the subject ‘Amazon – Your Order Has been
    Cancelled’ 

  • Recipients are advised that ‘Your recent order on AMAZON.COM has been cancelled due to fraudulent activity detected’, as well as other
    messages indicating that a recent order was undelivered due to an address mismatch issue.
  • Users are directed to visit amazon.com/verify-my-account or to click the ‘Verify Email’ button in the email, which directs users to a
    page that asks for login credentials.
  • The site presents a message advising that Microsoft has detected suspicious activity on their computer.

  • Sent from compromised sending addresses and using a display name of ‘Amazon Head Office’ or ‘Amazon Support’, this phishing scam is
    designed to trick users into giving login details or to contact a phone number listed on the site. 

4. NAB

  • Sent from numerous compromised accounts, multiple variations of emails have been detected purporting to be from NAB.
  • Using the display name ‘NAB Support’, the email advises the ‘customer’ that their password was entered incorrectly more than 3 times and
    that the security team had to suspend the account and all funds inside.
  • To release the hold on the account, recipients are advised to either visit one of their branches or follow the activation link
    provided. 

  • Those who click on the link are led to a NAB phishing page which requests the user to enter their NAB internet banking details as well as
    further personal information once logged in. Once all details are entered, users are redirected to the actual NAB website.

  • The second variation of the email contains a plain text message advising recipients that they have received an Osko deposit with the
    amount shown. 
  • To obtain further information about the payment, recipients are requested to click the ‘View transaction history’ link which leads them to
    a convincing copy of the NAB internet banking login page. 

  • Once users enter their NAB ID and password on the convincing looking page, they are redirected to the actual NAB internet banking login
    page. 
  • Red flags in the email include poor wording and grammatical errors.

5. Westpac

  • Using a display name ‘Westpac Bank’, emails purporting to be from Westpac are being sent from compromised accounts. 
  • Advising recipients that some unusual activity was noticed on their account and that their account has been temporarily locked, users are
    provided with a link to re-activate their account. 

  • Those who click on the link are led to a Westpac-branded phishing page which requests account ID and password.
  • Once these details are entered, users are then asked for further personal information including date of birth, mobile number and
    driver's licence number.

  • When the second page is submitted, the user is shown that their account is being verified and after a short pause are redirected to the
    actual Westpac login page. 
  • Red flags in this email include no branding or customised information and several grammatical inconsistencies; in addition, real banks
    never direct customers to a link to sign in to resolve an issue.
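
All five campaigns above show a bank or retailer name as the sender while the message actually comes from an unrelated, compromised account. The following Python is an added example, not part of the original alert, showing how a mail filter can flag that mismatch; the brand-to-domain allowlist and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumption: domains each brand named in this alert legitimately sends from.
# Replace with the list your organisation has verified.
BRAND_DOMAINS = {
    "anz": {"anz.com"},
    "bankwest": {"bankwest.com.au"},
    "amazon": {"amazon.com", "amazon.com.au"},
    "nab": {"nab.com.au"},
    "westpac": {"westpac.com.au"},
}

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return (brand, sender_domain) pairs where the From display name
    uses a brand word but the address is outside that brand's domains."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None:
        return []
    findings = []
    for sender in from_header.addresses:
        # policy.default decodes RFC 2047 encoded display names for us.
        words = set(re.findall(r"[a-z]+", sender.display_name.lower()))
        domain = sender.domain.lower()
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in words and not domain_allowed(domain, allowed):
                findings.append((brand, domain))
    return findings

# Constructed sample messages (not real captures); addresses are placeholders.
SAMPLES = {
    "anz_lure": "From: ANZ <accounts@example.net>\n"
                "Subject: Successful BPAY Payment Advice\n\nbody\n",
    "nab_encoded": "From: =?utf-8?q?NAB_Support?= <billing@example.org>\n"
                   "Subject: Account notice\n\nbody\n",
    "brand_domain": "From: Westpac Bank <alerts@mail.westpac.com.au>\n"
                    "Subject: Statement ready\n\nbody\n",
    "unrelated": "From: Hannah Banks <hannah@example.com>\n"
                 "Subject: Lunch\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

A match is a reason to quarantine or warn, not proof of fraud, and a clean result does not prove a message is genuine, since a From address inside the brand's domain can itself be forged unless SPF, DKIM and DMARC checks are also enforced.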

If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
