Surety IT Security Alert – April 2021


Surety IT provides a monthly security alert covering the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

Most scams aim to harvest credentials. However, there are many common red flags to look out for, which include:
  • The recipient is not directly addressed
  • Sender domains don’t belong to the sites they claim to be from
  • Branding is not displayed correctly
  • Spelling errors
  • Spacing and formatting errors
  • Domains that aren’t familiar or not legitimate
  • Poor English
  • Personal details that a legitimate sender would include are omitted
  • Emails from businesses that you were not expecting to hear from
  • A stray PHP tag (“?>”) at the bottom of the email
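
Several of these red flags can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not Surety IT's own tooling: the brand allow-list, the `red_flags` function and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed allow-list: brand name -> domains it legitimately sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "aramex": {"aramex.com"},
                 "wix": {"wix.com"}}

# Constructed sample modelled on the Wix lure described in this alert.
SAMPLE = (
    "From: support <billing@wix-payments.example.net>\n"
    "To: pat@example.org\n"
    "Subject: Important Alert From Wix\n"
    "\n"
    "Dear customer,\n"
    "Your payment was processed for a fourth time but failed once again.\n"
    "?>\n"
)

def belongs_to(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def red_flags(raw_message, recipient_name):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if not subject.strip():
        flags.append("blank subject")
    # A brand named in the display name or subject must match the sender domain.
    claimed = f"{display} {subject}".lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not belongs_to(domain, allowed):
            flags.append(f"claims {brand} but sent from {domain}")
    if recipient_name.lower() not in body.lower():
        flags.append("recipient not addressed directly")
    if body.rstrip().endswith("?>"):
        flags.append("stray PHP tag at end of body")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "Pat"):
        print("RED FLAG:", flag)
```

The From header can be forged, so these checks complement SPF, DKIM and DMARC enforcement; they do not replace it.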

You need to be particularly aware of:

Netflix Spoofed

  • Once again Netflix has been spoofed. This email informs users that the ‘last invoice statement for march 2021 was paid twice’.
  • A link is provided to request a refund within 12 hours.
  • The email originates from a third party that is potentially compromised.
  • Those who click on the link are taken to a compromised site hosted by BigCommerce, which redirects to a login page.
  • Once users log in, their credentials are harvested and they are taken to another page requesting credit card details. Once those are entered, they are led to a Netflix-branded page asking for a one-time code that has been sent to their phone.
  • Red flags include a blank subject, an inaccurately spelt display name and the recipient not being addressed directly.


Aramex Impersonated

  • Using a display name of ‘Aramex’, this latest phishing scam addresses recipients directly and claims that their package is ready to be shipped.
  • Recipients are directed to click on a link to provide some missing information.
  • The email originates from a server hosted by Digital Ocean and a domain recently purchased from Namecheap.
  • Those who click on the link are led to a Google Firebase link, which redirects to a secondary page designed to look like Aramex, where the missing information and a ‘pay fee’ are requested.
  • Details requested include email address password, address and multiple different credit card details, as the page advises that the first card has been declined.
  • Red flags include several spacing and formatting errors and a domain not belonging to Aramex.


Wix Impersonated

  • The malicious email uses a display name of ‘support’ and is titled ‘Important Alert From Wix’.
  • Recipients are advised that their payment was processed for a fourth time but ‘failed once again’.
  • A link is provided for recipients to update payment information or risk the account being cancelled.
  • Should a recipient click the link, several phishing pages are used, asking them to provide login details, credit card details, billing address, and email username and password.
  • Once entered, the credentials are harvested for later use and users are redirected to the actual Wix website.
  • Red flags include: the sender email provided in the ‘from’ field doesn’t belong to Wix, and the domain used to log into the Wix website doesn’t belong to Wix.


About the author:

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.
