Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.
You need to be particularly aware of –
1. USD Wire Transfer
- Simple emails claiming to contain a payment confirmation are arriving in inboxes.
- The attachment contains a malicious payload when opened.
- A variant of the same email has also been detected with a new email subject line and refers to a ‘Payment Transfer Receipt’.
2. Box Email
- Popular cloud-based file sharing & collaboration platform for business, Box, is the subject of this latest brandjacking scam.
- Whilst the emails are well formatted and accurately represent the brand, they are in fact being sent by cyber criminals.
- If clicked, the download contains a link to a phishing site that has been designed to harvest user information and passwords.
3. Optus
- Cyber criminals have once again brandjacked Optus.
- Using the display name ‘Optus’, the emails claim to be an Optus bill notification and contain an account number, bill amount and a due date.
- Containing several links that lead to a suspicious website, the emails inform recipients that there is a new account number and changes to the bill layout including how GST is displayed.
- Cyber criminals have used several techniques to boost the authenticity of the emails, including incorporating the brand and logo of Optus whilst also providing users with bill amounts from previous months.
4. Microsoft Exchange
- Cyber criminals are impersonating Microsoft Exchange by sending simple plain-text emails with the subject ‘Technical Support’.
- Recipients are being requested to validate their Microsoft Exchange Outlook account as a ‘misuse’ of their account has been identified.
- The email also threatens account inactivation if not validated within 48 hours.
- Should the link in the email be clicked, recipients are led to a suspicious website designed to harvest confidential user information.
5. Incoming Messages Blocked
- Arriving in multiple variations and using a display name of “Mail Service”, this email has actually been sent from one of several compromised accounts and is designed to harvest confidential information of users.
- Advises recipients that their incoming messages are being ‘blocked’ due to a problem.
- To retrieve the messages, recipients are encouraged to click on links titled ‘view your email quarantine’ and ‘release to inbox’.
- Displayed in a table, all emails that have been quarantined are listed with a subject and what was supposed to be the date but is displaying as %DATE%.
- Multiple links are included in the email. ‘Releahe’ links do not lead to a valid page, whilst the ‘your email quarantine’ and ‘open all messages’ links lead to a compromised website which hosts a phishing page.
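
Two of the tells described above, a brand display name on a non-brand sending domain (items 2 and 3) and the generic “Mail Service” name with an unrendered %DATE% token (item 5), can be checked mechanically at the mail gateway. The following is an added example, not part of the original alert; the brand-to-domain mapping, the sample messages and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sending domains (illustrative; keep your own list).
BRAND_DOMAINS = {"optus": {"optus.com.au"}, "box": {"box.com"}}
# Generic service-style display names, such as the "Mail Service" one in item 5.
GENERIC_NAMES = {"mail service"}
# Template tokens that were never filled in, such as %DATE%.
PLACEHOLDER = re.compile(r"%[A-Z_]{2,}%")

# Constructed sample messages (not real captures).
SAMPLE_SPOOF = "From: Optus <billing@example.net>\nSubject: Your bill\n\nYour bill is ready.\n"
SAMPLE_QUAR = 'From: "Mail Service" <user@example.org>\nSubject: Blocked\n\nInvoice | %DATE%\n'
SAMPLE_OK = "From: Optus <noreply@optus.com.au>\nSubject: Your bill\n\nYour bill is ready.\n"


def body_text(msg):
    """Return all text parts of a message, decoded, as one string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    out = []
    for part in parts:
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)


def domain_ok(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def flag_message(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, domain = name.strip().lower(), addr.rpartition("@")[2].lower()
    flags = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Whole-word match so that "box" does not fire on "Inbox".
        if re.search(rf"\b{re.escape(brand)}\b", name) and not domain_ok(domain, allowed):
            flags.append(f"display-name-mismatch:{brand}")
    if name in GENERIC_NAMES:
        flags.append("generic-service-display-name")
    if PLACEHOLDER.search(body_text(msg)):
        flags.append("unrendered-placeholder")
    return flags
```

These flags are triage signals only: a From domain that matches the brand does not prove the message is authentic, because the From header itself can be forged.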