Surety IT Security and Scam Alert – September 2019
Posted by HiRUM Software Solutions - 24/09/2019
Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.
You need to be particularly aware of –
Sent from a single compromised address, using the display name ‘NAB Online’, this latest scam is titled ‘You Have One New Important Message’.
The body of the email claims that a hold has been placed on the recipient’s card as ‘usage in a different location’ has been detected. Recipients are then directed to visit their nearest branch or click on the provided link to ‘get verified within minutes’.
Those who click on the link are led to a compromised WordPress phishing site that is designed to harvest confidential details.
Once logged in, users are taken to a similar page requesting security information and debit card verification.
Upon submitting the form, the user is then directed to a thank you page.
Poor wording and grammatical mistakes are red flags in this email scam.
2. Remittance Advice
Masquerading as a remittance advice, this email scam originates from a few different compromised addresses.
The body of the email includes an image resembling a PDF document. It informs recipients that payment has been made on their behalf and asks them to contact the ‘AP email’ if they have any inquiries.
Those who click on the PDF are directed to a URL that downloads a suspicious .JAR file, designed to execute the malicious payload when opened.
3. Update Your Account
Sent with the subject ‘Mailbox Error’, the email originates from a single compromised address on a French domain.
It notifies recipients that, as their account is ‘not updated’, this may lead to a ‘permanent deactivation’, and provides a link to update the account.
Those who click on the link are redirected to a fake Microsoft Exchange phishing page where they are requested to input their credentials.
Should recipients submit the form, their credentials are harvested even though it appears that nothing has happened.
Purporting to be from LinkedIn, the body of the email is crafted in a way that is similar to a legitimate notification.
The email invites recipients to ‘start a conversation’ and uses a photo supposedly from the sender’s LinkedIn profile.
Recipients who click on the ‘read message’ link are led to a fake but realistic-looking LinkedIn login page.
The page is designed to harvest confidential data of LinkedIn users for malicious purposes; those who ‘sign in’ are then led to the legitimate LinkedIn login page.
Red flags contained in this scam include formatting errors such as multiple spacing errors.
5. NAB Again
Similar to a previous scam, this email is sent via two different compromised email addresses and uses a display name of ‘NAB online’.
The body of the email informs recipients that a hold on their card has occurred due to usage being detected in a ‘different location’.
Recipients are directed to visit any NAB bank to ‘resolve this problem’ or ‘download the attached form and get verified in minutes’.
Those who open the attached form are required to provide their user credentials and personal information, which are harvested upon submission. The user is then redirected to a fake confirmation page.
6. Commonwealth Bank
Sent via a compromised address, the email uses a display name of ‘Commonwealth Bank of Australia’ and is addressed to ‘Valued Customer’.
It informs recipients that they have ‘1 IMPORANT-security message(s) from NetBank Security team’ and provides a link to view the message.
Should recipients click on the link, they are directed to a very realistic-looking phishing page disguised as the Commonwealth NetBank login page, where they are requested to enter their login credentials.
Once ‘logged in’, users are then redirected to the actual Commonwealth Bank web portal.
Red flags within this scam include formatting and grammatical errors.
Sent via a single compromised email address and purporting to be from HubDoc, this email uses a display name of ‘Genscape Australia Pty Ltd’ and informs recipients of the arrival of a new statement.
Recipients who click on the ‘View Document’ button are directed to what is currently a blank page that could potentially download a malicious payload in the future.
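Several of the scams above pair a trusted display name (‘NAB Online’, ‘Commonwealth Bank of Australia’, LinkedIn) with an unrelated compromised sending address, which a mail filter can check mechanically. The following Python example is added here and is not part of the original alert; the brand-to-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends from. Not taken from the
# alert; replace with a list your organisation has verified.
BRAND_DOMAINS = {
    "nab": {"nab.com.au"},
    "commonwealth bank": {"commbank.com.au"},
    "linkedin": {"linkedin.com"},
}

def domain_allowed(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonated_brands(raw_message):
    """Return brands named in the From display name whose sender domain differs."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    name = display.casefold()
    hits = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Whole-word match so "nab" does not fire on a name such as "Enable".
        if re.search(r"\b" + re.escape(brand) + r"\b", name):
            if not domain_allowed(domain, allowed):
                hits.append(brand)
    return sorted(hits)

# Constructed sample messages; every address and domain below is made up.
SAMPLES = {
    "nab_display_name": 'From: "NAB Online" <office@compromised.example>\n'
                        "Subject: You Have One New Important Message\n\n",
    "cba_display_name": "From: Commonwealth Bank of Australia <info@host.example.fr>\n\n",
    "lookalike_suffix": "From: NAB Online <alerts@nab.com.au.example.net>\n\n",
    "consistent_sender": "From: LinkedIn <notify@mail.linkedin.com>\n\n",
    "unrelated_name": "From: Jane Enable <jane@example.org>\n\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, impersonated_brands(raw))
```

An empty result only means the display name is consistent with the sender domain; whether the From address itself is forged is a separate question answered by SPF, DKIM and DMARC results.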
If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call Surety IT on 1300 478 738 or email us at firstname.lastname@example.org.
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.