Surety IT Security Alert – May 2021

Surety IT provides a monthly security alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

Most scams aim to harvest credentials, however there are many common red flags to look out for which include:
  • Recipient not being directly addressed
  • Sender domains don’t belong to the sites they claim to be from
  • Branding not displayed correctly
  • Spelling Errors
  • Spacing and formatting errors
  • Domains aren’t familiar or not legitimate
  • Poor English used
  • Omit personal details that a legitimate sender would include
  • Sent from businesses that you were not expecting to hear from
  • Stray PHP tag (“?>”) at the bottom of the email.

You need to be particularly aware of:

Microsoft & Adobe Spark Phishing Email

  • With the subject of ‘Invitation to Bid’, this phishing email ‘invites your firm to submit a proposal in accordance with this RFP Package’.
  • Due to the size, the file has been uploaded to SharePoint and a link is provided for recipients to view the documents.
  • Originates from a compromised email account.
  • Those who click on the link are led to a web page which requests another link be clicked in order to ‘view proposal’ which also includes the Adobe Spark logo and branding.
  • Once the second link is clicked, users are prompted to sign in via a fake page purporting to be Microsoft which is actually a phishing page hosted on Cloudfare.
  • If credentials are entered, these are then harvested by cybercriminals and prompted that the email or password is incorrect.

Microsoft Scam Alert

 

 


Australia Post Phishing Email

  • Uses a Australia Post branding and a display name of ‘parcelmonitor’ and is sent using a compromised domain that doesn’t belong to parcelmonitor.
  • The email reminds recipients to pay their ‘pending shipping cost’, adding that the delivery will be cancelled if not paid within 48 hours.
  • Recipients who click on the provided link to ‘schedule their delivery’ are led to several phishing pages requesting user deliver preferences including time and shipping address.
  • Domains used don’t belong to Australia Post.
  • Once preferred delivery options are selected, users are then asked to provide personal details such as name, email, phone number and a password of their choice and also valid credit card details.

ParcelMonitor Scam

 


DHL Phishing Email 1

  • Domain used in the senders email address has spoofed DHL and originates from a hosting provider based overseas.
  • High quality DHL branding is used throughout including the logo.
  • Informs recipients that ‘delivery attempt failed’ and warns that if it isn’t rescheduled or picked up within 72 hours, it will be returned to the sender.
  • Those who open the HTML attachment are led to a phishing pages using Adobe PDF branding to log in.
  • Once credentials are entered, recipients are redirected to a compromised external website hosted on Namecheap where information is harvested.
  • Users are then redirected again to a domain associated with the users email address, for example, if Gmail is used, they are redirected to Google.

DHL Scam

 

DHL Phishing Email 2

  • Uses a display name of ‘DHL’ and uses the company’s branding.
  • Senders email originates from a SendGrid account that is likely compromised.
  • Informs users to complete payment of their shipping fee in order to receive the delivery.
  • A tracking code, expected delivery date and a link is provided.
  • Those who click ‘Pay’ are led to a phishing ‘DHL Tracking’ page and requested to confirm payment within 14 days by clicking the ‘next’ button.
  • Users are then requested to provide credit card information, names, addresses and a verification code.
  • The phishing pages used in this scam do not belong to DHL and are hosted on a third-party platform designed to harvest person details.

DHL Scam 2021

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top