Surety IT Security Alert – May 2019


Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security
breaches/bugs.

You need to be particularly aware of –

1. USD Wire Transfer

  • Simple emails claiming to contain a payment confirmation are arriving in inboxes.

  • The attachment delivers a malicious payload when opened.
  • A variant of the same email has also been detected; it has a new email subject line and refers to a ‘Payment Transfer Receipt’.


2. Box Email

  • Popular cloud-based file sharing & collaboration platform for business, Box, is the subject of this latest brandjacking scam. 
  • Whilst the emails are well formatted and accurately represent the brand, they are in fact being sent by cyber criminals. 

  • If clicked, the download contains a link to a phishing site that has been designed to harvest user information and passwords. 

3. Optus

  • Cyber criminals have once again brandjacked Optus.
  • Using the display name ‘Optus’, the emails claim to be an Optus bill notification and contain an account number, bill amount and a due
    date. 
  • Containing several links that lead to a suspicious website, the emails inform recipients that there is a new account number and changes to
    the bill layout including how GST is displayed. 

  • Cyber criminals have used several techniques to boost the authenticity of the emails, including incorporating the brand and logo of Optus
    whilst also providing users bill amounts from previous months. 

4. Microsoft Exchange

  • Cyber criminals are impersonating Microsoft Exchange by sending simple plain-text emails with the subject ‘Technical Support’.
  • Recipients are being requested to validate their Microsoft Exchange Outlook account as a ‘misuse’ of their account has been
    identified. 
  • The email also threatens account inactivation if not validated within 48 hours. 

  • Should the link in the email be clicked, recipients are led to a suspicious website designed to harvest confidential user information. 


5. Incoming Messages Blocked

  • Sent in multiple variations under the display name "Mail Service", this email has actually been sent from one of several compromised accounts and is designed to harvest confidential information of users.
  • It advises recipients that their incoming messages are being ‘blocked’ due to a problem.
  • To retrieve the messages, recipients are encouraged to click on links titled ‘view your email quarantine’ and ‘release to inbox’.
  • The quarantined emails are listed in a table with a subject and what was supposed to be the date, which displays as %DATE%.

  • Multiple links are included in the email. The ‘Release’ links do not lead to a valid page, whilst the ‘your email quarantine’ and ‘open all messages’ links lead to a compromised website which hosts a phishing page.


If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
