Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of –
1. Telstra and DocuSign
In order to boost legitimacy, cybercriminals have gone a step further and included both Telstra and DocuSign in this latest email scam.
The email advises recipients that Telstra has sent them a document to review and sign.
Sent from a supposed contact from a Telstra Business Centre branch, their name is used in multiple locations including the message body.
Recipients who click on the link ‘Review Document’ may initiate a malicious file download to their computer.
Using a display name of ‘NETFLlX’ with a lower case ‘L’ to replace the ‘i’, this message advises recipients that their account has been suspended due to verification issues.
The link ‘Update Your Details’ leads to a Netflix branded phising page
This phishing scam goes to great lengths to incorporate the exact colour scheme, logo, fonts and popular images found on Netflix pages to further convince recipients of the legitimacy of the email.
Red flags on this email include, grammatical and spelling errors with the message body as well as spacing errors.
3. Apple Store
In this latest phishing scam, emails claiming to be from Apple Store are infiltrating inboxes.
Informing of an invoice arrival, recipients are advised to open a PDF in order to view the invoice.
The PDF attachment contains a receipt for the purchase of a mobile game called “Mobile Legends Bang Bang’ and contains several elements to make the receipt look legitimate.
The receipt also advises users to cancel the purchase immediately if they did not make the purchase or if they believe an unauthorised person has accessed their account.
Should recipients click ‘Cancel and Manage Purchasing’, they are redirected to a legitimate looking Apple login page which is designed to steal their login details.
Red flags contained in this scam include the email not addressing the recipient directly and several spacing and grammatical errors.
4. Local Bitcoins
Claiming to be from LocalBitcoins, this latest phishing scam use details of the same compromised account in both the sender and recipient fields.
Informing recipients that LocalBitcoins is currently undergoing a maintenance exercise and as such need to verify and upgrade their user account via a provided link.
Also advises that failure to do so may result in the cancellation of their account.
Those who click on the link are directed to a legitimate looking LocalBitcoiuns webpage which includes the logo and branding of the actual LocalBitcoins website.
Users are then asked for their username and password, as well as their email and email password.
Once the form is submitted, users are redirected to the actual LocalBitcoins login page.
Red flags to watch out for in this scam include the email not addressing the recipient by name, the body of the email containing spelling and spacing errors and also including a mix of lowercase and uppercase letters in a sentence.
In a currently ongoing scam, emails are hitting inboxes claiming to be from Optus using the domain ‘optusnet.com.au’
Appearing in multiple variations as seen below, the emails contain similar formatting with most appearing in plain-text form.
Advising recipients that a document is available, the link, if clicked, leads to a malicious file download.
If you’d like any further information, assistance with your cyber security or you don’t know where to start please call Surety IT on 1300 478 738 or email firstname.lastname@example.org.
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.