Surety IT Security Alert – April 2021

Surety IT provides a monthly security alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

Most scams aim to harvest credentials; however, there are many common red flags to look out for, which include:
  • Recipient not being directly addressed
  • Sender domains don’t belong to the sites they claim to be from
  • Branding not displayed correctly
  • Spelling errors
  • Spacing and formatting errors
  • Domains aren’t familiar or not legitimate
  • Poor English used
  • Personal details that a legitimate sender would include are omitted
  • Sent from businesses that you were not expecting to hear from
  • Stray PHP tag (“?>”) at the bottom of the email.

You need to be particularly aware of:

Netflix Spoofed

  • Once again Netflix has been spoofed. This email informs users that the ‘last invoice statement for march 2021 was paid twice’.
  • A link is provided to request a refund within 12 hours.
  • Originates from a third party that is potentially compromised.
  • Those who click on the link are taken to a compromised site hosted by BigCommerce which redirects to a login page.
  • Once users log in, their credentials are harvested and they are taken to another page requesting credit card details. Once these are input, they are led to a Netflix-branded page asking for a one-time code that has been sent to their phone.
  • Red flags include: blank subject, inaccurately spelt display name & the recipient isn’t addressed directly.

Aramex Impersonated

  • Using a display name of ‘Aramex’, this latest phishing scam addresses recipients directly and claims that their package is ready to be shipped.
  • Recipients are directed to click on a link to provide some missing information.
  • Originates from a server hosted by Digital Ocean and a recently purchased domain from Namecheap.
  • Those who click on the link are led to a Google Firebase link which redirects to a secondary page designed to look like Aramex where missing information and ‘pay fee’ is requested.
  • Details requested include email address password, address and multiple different credit card details, as the first attempt advises that the card has been declined.
  • Red flags include several spacing & formatting errors and the domain not belonging to Aramex.

Wix Impersonated

  • Malicious email uses a display name of ‘support’ and is titled ‘Important Alert From Wix’.
  • Recipients are advised that their payment was processed for a fourth time but ‘failed once again’.
  • A link is provided for recipients to update payment information or risk the account being cancelled.
  • Should a recipient click the link, several phishing pages are used, on which they are asked to provide login details, credit card details, billing address & email username and password.
  • Once inputted, the credentials are harvested for later use and users are redirected to the actual Wix website.
  • Red flags include: sender email provided in ‘from’ field doesn’t belong to Wix and domain used to log into the Wix website doesn’t belong to Wix.
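
The red flags listed at the top of this alert that can be checked mechanically, shown as an added Python example (not Surety IT's own code). The sample email and its example.test addresses are constructed, BRAND_DOMAINS and red_flags are illustrative names, and the list of legitimate sender domains is an assumption you would maintain yourself.

```python
import difflib, email, re
from email import policy
from email.utils import parseaddr

# Assumption: domains each brand really sends from; maintain your own list.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "aramex": {"aramex.com"}, "wix": {"wix.com"}}
# Constructed sample (not a captured email), modelled on the Netflix lure.
SAMPLE = """\
From: Netfilx <billing@shop-example.test>
To: Jo Citizen <jo.citizen@example.com>
Subject:

Your Netflix invoice statement for march 2021 was paid twice.
Request a refund within 12 hours: https://store.example.test/refund
?>
"""

def red_flags(raw):
    """Return the red flags from the alert that can be checked mechanically."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", "")).strip()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    claimed = f"{display} {subject} {body}".lower()
    flags = []
    for brand, allowed in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in allowed)
        if re.search(rf"\b{brand}\b", claimed) and not owned:
            flags.append(f"sender domain does not belong to {brand}")
    # Display name close to, but not exactly, a known brand (transposed letters).
    name = display.lower().strip()
    if name not in BRAND_DOMAINS and difflib.get_close_matches(
            name, list(BRAND_DOMAINS), n=1, cutoff=0.8):
        flags.append("misspelt brand in display name")
    if not subject:
        flags.append("blank subject")
    if body.rstrip().endswith("?>"):
        flags.append("stray PHP tag at bottom of email")
    # Heuristic: neither the recipient's name nor mailbox name appears in the body.
    to_name, to_addr = parseaddr(str(msg.get("To", "")))
    tokens = [t.lower() for t in (to_name, to_addr.partition("@")[0]) if t]
    if tokens and not any(t in body.lower() for t in tokens):
        flags.append("recipient not addressed directly")
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A message that trips none of these checks is not thereby safe: the Aramex lure above addressed recipients directly, so treat the output as triage input rather than a verdict.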

About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.