Surety IT Security Alert – June 2020

Share on facebook
Share on twitter
Share on linkedin
Share on pocket
Security Alert

Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Fraudulent Emails using Excel attachments

  • Sent with no subject or text in the email body, this fraudulent email uses a malicious payload disguised as a Microsoft Excel attachment.
  • Originates from a large number of different email address, likely to be compromised accounts.
  • Once recipients enable macros/ additional content to be run, the malicious code is executed.

Fraud June 2020


2. DHL Spoofed

  • Purports to be from DHL, titled “DHL Shipment Thursday, June 11, 2020 & includes the recipients email address in the “from” field.
  • Sent from a compromised email account, it informs recipients that “the courier” is unable to send a package that “arrived today”
  • Requests confirmation of tracking number via a link which leads to a DHL branded phishing page.
  • Should the link be clicked, personal details are requested, such as full name, address & phone number and upon submission, recipients are advised that an error has occurred and they are redirected to the actual DHL website.

DHL Spoof


3. Qantas Spoofed: “Coronavirus Relief  Bonus”

  • Titled “Your Coronavirus Relief Bonus is about to expire”, originates from several email addresses belonging to different domains and uses multiple display names.
  • Containing Qantas logo and branding within the body of the email, recipients are provided with a button to login and claim the bonus.
  • The button directs recipients to a phishing page that appears as a Qantas Frequent Flyer login page.
  • Personal details such as membership number, last name and security PIN are requested and those who provide these details are taken to another page which displays the error “the details do not match our records”.

Qantas Spoof


4. Zoom Video Conferencing Invitation

  • In attempt to obtain confidential information, an email purporting to be from Zoom is hitting inboxes.
  • Sent using a display name of “Zoom Video Communications”, the email is titled “Zoom Video Conferencing invitation Wednesday, May 13, 2020 and originates from multiple randomly generated email addresses hosted on amazonses.com
  • Within the body, the email is directed to the email address displayed in the “to” field and informs recipients that they have received a video conferencing invitation.
  • Upon clicking the button to “review invitation”, the recipient is led to a fake Microsoft-branded login page whereby they are requested to sign in to Zoom with your Microsoft 365 account which is not hosted on either a Zoom or Microsoft domain.
  • Once “logged in”, the recipient receives an error “sign in attempt timeout, verify your password to access Zoom invitation” whereby on submission of the password on a 2nd attempt, recipient is redirected to the legitimate Zoom home page.

Zoom


5. Microsoft Office 365 Spoofed

  • Microsoft Office 365 have been brand-jacked in an attempt to obtain confidential information.
  • Using the domain of the recipient’s email address as a prefix, the display name also contains the words “Mail Control System”
  • Titled “Extremity Alert Surfaced” followed by a time stamp, the email originates from a single compromised email address and contains Office 365 logo and branding.
  • Those who click on the “View Message” link are redirected to a fake Microsoft Office 365 branded login page which is a phishing page hosted on a domain not belonging to Microsoft.
  • To verify identity, CAPTCHA is required first followed by entry of password which prompts are “wrong password” error message.
  • Upon entering the password a 2nd time, users receive account verification confirmation and are redirected to the authentic Office 365 login page.

Office 365

 


If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on  1300 478 738 or Email us

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top