Surety IT Security Alert – September 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security

You need to be particularly aware of  –

1. NAB Bank Branding Hijacked

  • A new phishing scam has been detected that looks like it has been sent by NAB Bank.
  • It advises the recipient that their account ‘is now locked’.
  • The link in the message takes the victim to a phishing page made to look like a real NAB login portal.
  • The phishing page harvests the personal login information of the victim and forwards them to a second page which collects their credit card
  • To identify the scam,  If you look at the email address of the original email sent, you will see it is not a NAB official


2. St George Bank Email Scam

  • A new phishing scam has been detected that has brand-jacked St George Bank.
  • This phishing email hopes that the victim clicks on the link which directs them to a fake but convincing St George Bank login page.
  • If the victim inputs their details, the scammers have all the details they need to access the account and take any money in it.

3. Naffco Email Scam

  • A new scam has been detected that claims to be from Naffco.
  • If a victim clicks on the document attachment link they are directed to a malware infected Dropbox File.
  • If clicked, the victim’s computer can be infected with viruses, spyware and crypto-jacking malware.

4. ANZ Internet Banking Scam

  • This new scam email uses ANZ branding in attempt to steal internet banking credentials and personal details.
  • There is a link in the email that directs victims to a fake but very real landing page for ANZ internet banking, where customer
    registration number and password is requested.
  • Once the login credentials are entered, the victim is then asked for their full personal details including drivers license number, mobile
    number, date of birth and full name.

5. Office 365 ‘Failure to Sync’

  • A new scam has been detected that claims to be from Office 365 advising that the email account ‘failed to connect’.
  • If a victim clicks the ‘Retrieve Messages’ link, they are directed to a fake Office 365 portal.
  • Check the sender of the email before clicking any links to determine if it is a legitimate email from Office 365
  • If
    the link is clicked, the scammers have the victims legitimate credentials to then use themselves.

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top