Surety IT Security Alert – March 2021

Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

Most scams aim to harvest credentials, however there are many common red flags to look out for which include:
  • Recipient not being directly addressed
  • Sender domains don’t belong to the sites they claim to be from
  • Branding not displayed correctly
  • Spelling Errors
  • Spacing and formatting errors
  • Domains aren’t familiar or not legitimate
  • Poor English used
  • Omit personal details that a legitimate sender would include
  • Sent from businesses that you were not expecting to hear from
  • Stray PHP tag (“?>”) at the bottom of the email.

You need to be particularly aware of:

Australia Post Text Scam

  • This texting scam appears to be a damaged parcel status report from Australia Post.
  • The text includes the recipients name and a photo of the supposed damaged parcel. The text message urges the recipient to resolve their issue via a link provided.
  • Clicking this link will lead the recipient to a fake ‘ interactive parcel management system’ window in which the user is confronted by fake interactive chat bot ‘Suzy’ which requests the users address and financial details.

Auspost scam

 


Harvey Norman Phishing Email

  • This email claims to be from Australian based retail company Harvey Norman and is titled: ‘This comp. entry has been assigned to you’
  • The email informs the recipient that they have won a competition from last year and Harvey Norman is attempting to make contact with them to arrange collection of the prize.
  • The email provides a link for the recipient to check the current status of their competition ID and purports to be sent from the head of customer service.
  • The recipient is requested to  confirm their ID and provide their preferred delivery address in order to claim their prize.

 

Harvey norman scam


 Microsoft-branded Phishing Email

  • This phishing email has been sent from the compromised account belonging to a ‘principal solicitor’ of a company and is titled ‘Property Settlements Advice’.
  • The PDF informs the recipient that a settlement statement is attached for their approval and requests that they confirm the settlement figures are agreed upon as soon as possible with a link  provided for the recipient to view a PDF titled ‘Sales Advice _01’.
  • Unsuspecting recipients who click the link to view the PDF are directed to a page which employs a reCAPTCHA feature.
  • Once the reCAPTCHA is completed the user is led to a fake Microsoft branded login page, once the recipient has submitted their details they are redirected to a real Microsoft login page.

 

Microsoft scam

 


Trezor Phishing Email

  • This email masquerades as a security alert from hardware cryptocurrency wallet, Trezor and is titled ‘Your Trezor assets might be vulnerable’.
  • The email informs recipients that their account has been affected by a security breach and contains Trezor’s logo but is sent from an email which uses a domain not belonging to Trezor.
  • The recipient is advised that in order to stay protected they need to update their ‘12,18 or 24-word phrase’ and create a new PIN for their wallet, with a link provided.
  • Clicking this link leads users to a fake Trezor login page which employs the brand’s logo and branding elements. Here the recipient is asked to submit their existing wallet passphrases in order to update.
  • Once submitted the user receives a confirmation message that their passphrase has now been updated.

 

Trezor Scam

 

If you’d like any further information, assistance with your cyber security or you don’t know where to start, please call us on 1300 478 738 or Email us.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top