Surety IT Security Alert – November 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security

You need to be particularly aware of  –

1. Apple Pay

  • A new phishing scam has been detected that looks like it has been sent by Apple Pay disguised as a legitimate-looking receipt
    informing recipients of an ‘integrated purchase’.
  • Detected from two compromised accounts, this phishing scam is designed to steal confidential personal and billing information.
  • The email contains several links which lead to a copy of the Apple login page.
  • Once on the login page, the victims are asked to input their Apple ID and password, they are then taken to another page advising them that
    their account is locked.
  • Once the ‘unlock your account’ link is clicked, the user is asked to provide billing details, another page follows requesting additional
  • As a last step, recipients are then asked for a one-time authorisation to be sent to their mobile and once complete, they are redirected
    to the legitimate Apple login page.

2. MyGov

  • A new phishing scam has been detected that has brand-jacked My Gov and the Australian Government.
  • The email advises recipients to click on a link to enable identity verification in hope of stealing personal information.
  • Once the link is clicked, recipients are taken to a login page for MyGov
  • Once logged in, the user is then asked to upload some proof of identity documents including front and back images of a drivers license
    and a utility bill.
  • Once the documents are uploaded, they are then asked to log into their bank accounts to complete the verification.
  • Clicking on any of the bank logos directs victims to another log in page and requests bank account information to be entered.
  • Once these steps have been completed, the victim is informed that their identity has been verified and are redirected to the actual
    myGov website.

3. DHL

  • A new scam has been detected that claims to be an ‘Arrival Notification’ from DHL.
  • Directed to a bogus landing page, recipients are asked for their email address and password, with the intention of using the details
    for future use.
  • Several variants of this scam has been detected and in some cases, the link loads blank pages and others to the phishing page.

4. ANZ

  • A new scam has been detected that has brandjacked ANZ.
  • Particularly malicious, this scam has adopted multiple strategies to appear as a legitimate notification from ANZ bank.
  • Sent from an ‘’ address and a display name of ‘ANZ Bnak’. The misspelling of the display name is most likely an attempt to
    bypass checks looking for the correct spelling.
  • There is a link in the email that requests victims to confirm their identity by completing a series of challenge questions.
  • Led to an ANZ branded phishing page, victims are tricked into revealing their bank account details.

 5. Westpac

  • A new scam has been detected that claims to be from Westpac advising recipients their account has been locked in attempt to steal
    confidential data.
  • For the victim to unlock their account, they are directed to verify their identity within 24 hours or face ‘full online suspension’
  • Contained in an attached PDF, instructions are provided which include the logo and branding of Westpac.
  • The PDF adds that if users initiated the unsuccessful login attempt, they don’t need to worry. However, if it was not them they should
    update their account via the Westpac support site with the link provided.
  • If the link is clicked, victims are led to a site that is offline and is suspected to have hosted the Westpac branded phishing page.


  • A new scam has been detected claiming to be from MYOB.
  • Sent from multiple compromised email accounts, this email informs recipients that their invoice is due in 3 days.
  • A link is provided to view the invoice, which leads to either an offline webpage or a blank page.
  • These pages are suspected to host either a phishing page or a malicious payload.

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top