Surety IT Security Alert – March 2021

Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

• Recipient not being directly addressed
• Sender domains don’t belong to the sites they claim to be from
• Branding not displayed correctly
• Spelling Errors
• Spacing and formatting errors
• Domains aren’t familiar or not legitimate
• Poor English used
• Omit personal details that a legitimate sender would include
• Sent from businesses that you were not expecting to hear from
• Stray PHP tag (“?>”) at the bottom of the email.

You need to be particularly aware of:

Australia Post Text Scam

• This texting scam appears to be a damaged parcel status report from Australia Post.
• The text includes the recipients name and a photo of the supposed damaged parcel. The text message urges the recipient to resolve their issue via a link provided.
• Clicking this link will lead the recipient to a fake ‘ interactive parcel management system’ window in which the user is confronted by fake interactive chat bot ‘Suzy’ which requests the users address and financial details.

Harvey Norman Phishing Email

• This email claims to be from Australian based retail company Harvey Norman and is titled: ‘This comp. entry has been assigned to you’
• The email informs the recipient that they have won a competition from last year and Harvey Norman is attempting to make contact with them to arrange collection of the prize.
• The email provides a link for the recipient to check the current status of their competition ID and purports to be sent from the head of customer service.
• The recipient is requested to  confirm their ID and provide their preferred delivery address in order to claim their prize.

 Microsoft-branded Phishing Email

• This phishing email has been sent from the compromised account belonging to a ‘principal solicitor’ of a company and is titled ‘Property Settlements Advice’.
• The PDF informs the recipient that a settlement statement is attached for their approval and requests that they confirm the settlement figures are agreed upon as soon as possible with a link  provided for the recipient to view a PDF titled ‘Sales Advice _01’.
• Unsuspecting recipients who click the link to view the PDF are directed to a page which employs a reCAPTCHA feature.
• Once the reCAPTCHA is completed the user is led to a fake Microsoft branded login page, once the recipient has submitted their details they are redirected to a real Microsoft login page.

Trezor Phishing Email

• This email masquerades as a security alert from hardware cryptocurrency wallet, Trezor and is titled ‘Your Trezor assets might be vulnerable’.
• The email informs recipients that their account has been affected by a security breach and contains Trezor’s logo but is sent from an email which uses a domain not belonging to Trezor.
• The recipient is advised that in order to stay protected they need to update their ‘12,18 or 24-word phrase’ and create a new PIN for their wallet, with a link provided.
• Clicking this link leads users to a fake Trezor login page which employs the brand’s logo and branding elements. Here the recipient is asked to submit their existing wallet passphrases in order to update.
• Once submitted the user receives a confirmation message that their passphrase has now been updated.

If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on 1300 478 738 or Email us.