Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of:
1. Netflix… Again!
- In yet another phishing attempt purporting to be from Netflix, recent emails received are being sent from a single compromised email address and are headed ‘Account Informations Update’.
- Advises recipients that ‘billing information has been modified’ and that they are required to update within the next 24 hours or risk account suspension.
- Those who click on the link provided are directed to a Netflix branded phishing page where they are requested to login to their account.
- Once logged in, payment information is then requested to be updated; followed by a window which informs them to pass a 3-step verification in order to continue.
- At the end of step 3 whereby they have entered the password displayed on their mobile phone or device, they are redirected to the legitimate Netflix page.
- Red flags to be on the lookout throughout this scam include; grammatical and spelling errors and the ‘from’ field within the email not including the Netflix domain.
2. Qantas Travel Money
- In an attempt to spoof Qantas, a phishing email titled ‘Don’t let 1,000,000 bonus Qantas points get away’ is hitting inboxes.
- Informs recipients that their Qantas Travel Money load has been successful and the new funds ‘are now available to spend at millions of Mastercard locations worldwide’
- A link provided to view a receipt directs those who click to a fake Qantas-branded login page which requests Frequent Flyer credentials such as membership number, last name and pin.
- Once logged in, recipients are then asked to verify their identity by providing personal details such as mother’s maiden name, date of birth and postcode.
- Upon clicking ‘verify’, recipients are then redirected to the legitimate Qantas travel money web page.
- Red flags to be on the lookout throughout this scam include; spacing and grammatical errors and the frequent flyer page hosted on a ‘Qantos’ domain.
3. Prime Minister Impersonated
- Australian Prime Minister Scott Morrison has been impersonated in this latest email infiltrating inboxes.
- Titled ‘Here’s your download’, using a display name of ‘Hon Scott Morrison MP’ with an image of the PM, this email informs recipients that their invitation letter is attached.
- The invitation letter appears in a PDF format and is hyperlinked, those who click on this link are led to a SharePoint branded phishing website which has since been taken down.
4. Squarespace
- Using the display name ‘Squarespace’ and a ‘@sqourserviceonline.com’ domain, this latest email purporting to be from Squarespace is actually sent from a single compromised email.
- Containing the Squarespace logo and titled ‘ Unable to renew your domain’, recipients are informed that their ‘connected domain’ is unable to be renewed due to a billing error.
- Recipients are given 3 days to update payment methods via a link which directs to a well-crafted phishing page designed to harvest credentials and personal information such as credit card details, full name and address.
- Users are then requested to synchronize their email account details for ‘security reasons’ and then taken to a final page that simulates a logoff and redirects to the actual Squarespace website.
- Red flags in this scam include no personal information in the body of the email and that the actual Squarespace domain is not used in the senders email address.
5. Extortionists demand Bitcoin
- Fueled by multiple data breaches, extortion email scams have been on the rise.
- This latest scam using ‘I have clips of you watching adult videos’ as the subject originates from a compromised email address and purports to have found a vulnerability in the recipients router.
- $1300 in Bit-Coin within 72 hours is demanded or the ‘hacker’ threatens to release the recording to all of the recipients contacts.
6. Aramex Spoofed
- Purporting to be sent by Aramex Group and using the display name ‘eTeam’, this latest scam originates from a single compromised email address and is titled ‘New Aramex Message’.
- Informing recipients that delivery to their mailing address has been unsuccessful, the email requests recipients to clink on a link provided which displays as a tracking number/ ship ID which leads to a fake Microsoft branded login page.
- Those who enter their password and have ‘signed in’ are then told ‘wrong password error’.
- Red flags in this email include the senders address not using the Aramex domain and several spelling and spacing errors.
7. PayPal Address Addition
- Using the display name of ‘PayPal’ and titled ‘You’ve added new address to your account’, this latest scam claiming to be from PayPal is an attempt to harvest confidential data of users.
- The email is a confirmation of an address change; however, recipients are advised to click on a provided link if they did not add the address.
- Those who click on the link are taken to an illegitimate PayPal branded page which over several steps and pages requests confidential data such as email and password, billing address details and credit card information.
- Red flags include the user not addressed directly in the email and the PayPal domain not used in the senders email address.
If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on 1300 478 738 or Email us