Surety IT Security Alert – March 2019

Share on facebook
Share on twitter
Share on linkedin
Share on pocket

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. ANZ

  • Using legitimate-looking fake ANZ landing pages, this latest phishing scam uses a display name of ‘Support’ is actually sent using Amazon
    web services and the domain ‘@anzsupport.cf’
  • The email explains the banks use of challenge questions to secure accounts and recipients are requested to confirm their challenge
    questions and answers. 

  • Recipients who click on the link are led to an ANZ branded site to login using their Customer Registration Number and Password

  • Should recipients log in, they are directed to a second page requesting 3 challenge questions and answers are set.  Once this is
    completed they are redirected to the actual ANZ website.

  • The purpose of this scam is to harvest the login details of ANZ customers so cyber criminals can break into bank accounts. 

2. Apple ID

  • In an attempt to steal Apple login credentials and are personal information, 2 new variations of emails scams are being sent using a
    display name of ‘Apple’. 
  • A link is provided that requests recipients verify their Apple ID details, including billing information.


  • Those who click on the link are led to a 404 page which is believed to have been an Apple phishing page. 
  • Red flags on this email include grammatical errors and the fact that recipients are not addressed by name.  

3. Multiple Email Providers Brand-jacked

  • In a new phishing scam, multiple popular and well-established companies such as Office 365 and Yahoo have been brandjacked
  • The email is sent from a compromised mailbox with the ‘From’ field containing the email address of the actual sender and the ‘To’ field
    has been replaced with a generic display name of ‘Recipients’

  • Those who click on the ‘Download Attachments’ link are directed to a Onedrive branded phishing sites with additional links to select the
    email provider. 

  • Should one of the email provider links be clicked, recipients are redirected to a fake login page. For example the Office 365 login page is
    below: 

  • All links in this phishing scam are designed to harvest users’ confidential login details. 

4. Xero

  • In this latest scam, cyber criminals have brand-jacked Xero and are sending hoax invoice notifications. 
  • Using the display name ‘Xero Subscription Notifications’, the body of the email advises recipients that their invoice is ready and that
    the amount in the invoice will be debited from their credit card. 
  • Including several links leading to legitimate Xero help pages, a link to the bill is also provided.

  • Those who click on the link containing the invoice number initiate a download of a malicious payload designed to infect systems. 
  • The red flag in this email is that the real Xero commonly uses a PDF attachment rather than a link to an external website. 

5. Egnyte & WeTransfer

  • Appearing to be generated by Egnyte and sent via the software company’s domain, this latest phishing scam is being sent using a display
    name of a compromised user. 
  • Advising recipients that the sender has shared a file with them, a link is provided to view a PDF file. 

  • Should the link be clicked, recipients are redirected to an authentic looking WeTransfer email for sharing a file. 

  • The ‘View Folder’ link leads to an Office 365 phishing page. 

  • Well executed, cyber criminals have utilised high quality graphical elements whilst spoofing all 3 brands – Egnyte, WeTransfer and Office
    365. 

If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on  1300
478 738

or email us at  info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top