Surety IT Security Alert – July 2021


Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

Most scams aim to harvest credentials; however, there are many common red flags to look out for, including:
  • Recipient not being directly addressed
  • Sender domains that don’t belong to the sites they claim to be from
  • Branding not displayed correctly
  • Spelling errors
  • Spacing and formatting errors
  • Domains that aren’t familiar or aren’t legitimate
  • Poor English used
  • Personal details that a legitimate sender would include are omitted
  • Sent from businesses that you were not expecting to hear from
  • Stray PHP tag (“?>”) at the bottom of the email.
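
A triage sketch for three of the red flags above (sender domain mismatch, link domain mismatch, stray PHP tag), added here as an example and not part of the original alert. The brand allow-list and the sample message with its example.net/example.org hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list (not from the alert): brand keyword -> domains it really uses.
BRAND_DOMAINS = {
    "telstra": {"telstra.com", "telstra.com.au"},
    "dhl": {"dhl.com"},
    "linkedin": {"linkedin.com"},
    "usps": {"usps.com"},
}

def _belongs(host, domains):
    # True if host is one of the domains or a subdomain of one.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    # Bodies are read undecoded, so base64/quoted-printable parts are not inspected.
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "\n".join(str(p.get_payload()) for p in parts)
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # brand is not claimed by the display name or subject
        if not _belongs(sender_host, domains):
            flags.append(f"sender domain {sender_host} is not a {brand} domain")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname
            if not _belongs(host, domains):
                flags.append(f"link host {host} is not a {brand} domain")
    if body.rstrip().endswith("?>"):
        flags.append("stray PHP tag at the bottom of the email")
    return flags

# Constructed sample modelled on the DHL lure described in this alert.
SAMPLE = """From: "DHL express" <noreply@mailer.example.net>
Subject: Package tracking:

You have a package pending in Terminal 1.
Pay the shipment fee: http://parcel-pay.example.org/track
?>
"""
```

Calling red_flags(SAMPLE) returns one entry per flag found; a message that claims no listed brand is only checked for the stray PHP tag.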

You need to be particularly aware of:

 

Telstra

  • Telstra is being impersonated in this latest phishing scam in an attempt to obtain sensitive credentials.
  • Sent from ‘Support’ using a compromised website in Germany, it advises recipients that “Your contract has been cancelled” and “We were unable to process your latest bill”.
  • A link is provided to try to get users to retry payment.
  • Once the link is clicked, users are redirected to a fake but credible-looking Telstra-branded web page which attempts to capture usernames and passwords.
  • Other details requested include credit card details, including name, card number, expiry, CCV and mobile number.


 


OneDrive & Outlook File-Sharing

  • Designed to harvest credentials, this latest scam email uses a Microsoft OneDrive template and is linked to 2 different phishing pages.
  • Sent from a compromised account owned by “Sabari Indian School”, while the phishing page is on a Digital Ocean App platform domain which is spoofed using Cloudflare.
  • The links contained in the email redirect to 2 phishing pages: the first uses company branding and the second carries Outlook AWA branding.



USPS

  • Sent using the subject “Missing information and delivery fee, (name) – Update your informations” and with USPS branding, it is designed to harvest personal information.
  • Claims that the item has been held back and asks recipients to correct their information and pay an added fee.
  • Comes from a server hosted by Digital Ocean and uses an intermediary page that takes users to a series of web and credit card payment pages.

 



LinkedIn

  • Designed to harvest confidential data for malicious intent.
  • Masquerades as an auto-generated notification to inform recipients about a message that has been received.
  • Contains LinkedIn branding elements to boost its legitimacy.
  • ‘View Message’ button redirects to a login page requesting LinkedIn credentials.
  • The phishing page is hosted on a SaaS website development platform, pantheon.io.



Microsoft SharePoint

  • Sent from a compromised account belonging to a user at Anglican Care and titled “Anglican Care – Anglican Care DOC”.
  • Masquerades as a document alert for a file being sent using SharePoint.
  • The email contains a link to a .PDF file which, when clicked, redirects to an intermediary site requesting that another link be clicked.
  • Users are requested to provide data such as email addresses & passwords on URLs that don’t belong to Microsoft or Anglicare.



DHL

  • Uses DHL branding, a display name of “DHL express” and is titled “Package tracking:”.
  • Advises recipients that they have a “package pending in Terminal 1” and to pay a shipment fee within 48 hours to complete delivery.
  • Those who click the link are redirected to a webpage where personal information is requested, such as name, address, email, credit card information and phone number.
  • If all requested information is provided, users are met with a prompt supposedly from their bank.



Australia Post

  • Uses Australia Post branding, a display name of “Post Centre” and is titled “AUPOST/Your package is about to return.”
  • Sent from a potentially compromised Plesk server hosted overseas.
  • Recipients are informed that a package will be returned due to a “wrong shipping address” and are directed to pay ‘extra fees’ via a “Get My Parcel” link.
  • Those who click on the link are led to phishing pages where personal details, including credit card information, are requested.
  • After details are provided, users are prompted for a verification code that has supposedly been sent to their mobile.

 

About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.