Surety IT Security and Scam Alert

April 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. ATO

  • In this latest phishing scam, the ATO has been targeted in yet another variation of scams distributed by cybercriminals over many years. 
  • The email is sent using the display name 'Shipments in transit' and comes from a compromised account. 
  • Formatted in plain text, the email begins with 'Dear sir' and requests that recipients contact the ATO.
  • Recipients are directed to the attached 'Tax Documents'; the link within the PDF leads to a phishing page with an ATO logo tiled background.
  • Once on this page, victims are asked to sign in with their email and password, and are then redirected to the Yahoo! login page.

2. Netflix

  • In yet another scam targeting Netflix, this latest phishing scam contains several red flags including grammatical, spelling and spacing errors throughout the email. 
  • Using special characters to obscure the display name of 'Netflix' and sent from a compromised account, this scam advises recipients that they are supposedly facing 'some trouble' with 'billing information'.
  • Recipients are then directed to update their 'MASTERCARD' payment details by clicking on the 'Update Account Now' button. 
  • Those who click are led to a phishing page hosted on Blogspot, which has since been taken down and is no longer being displayed. 


3. Xero

  • Spoofed in yet another scam, cyber criminals are sending hoax invoice notifications purporting to be from Xero.
  • Sent from the domain '@post.xero.com', the email advises recipients that their Xero invoice is ready and the amount will be debited from their credit card on or after '23 Oct 2018'.
  • Those who click on the INV link are led to what is currently showing as a blank page but is suspected to serve a malicious file download. 
  • The red flag in this scam is that real Xero invoices use a PDF attachment rather than a link to an external website. 



4. Optus

  • Optus has once again been a target of cyber crime. 
  • This latest scam appears in several variations using the domain 'optusnet.com.au' and is designed to result in a malicious .vbs file being run. 
  • In the first example, sent in plain-text format, the scam advises recipients that their 'Public Question/Statement Time Request Form' is attached. 
  • The email body claims the copy is attached as a 'MS Wd' as the form made the font very small; however, the attachment is a password-protected ZIP archive which, if opened using the password in the email, contains a malicious VBS file. 
  • The second example states that it is for a Federal Police Check and asks the recipient to review it. 
  • The body of the email advises that their application is attached; however, no files are attached to the email. Instead, the words 'attached application' and 'your application' are linked to a .zip file download which contains the malicious VBS file.



5. Invoice2Go

  • In this latest scam, cyber criminals are sending hoax invoice notifications purporting to be from the popular invoicing app, Invoice2Go. 
  • Sent by one of several compromised accounts, the email uses the display name 'Invoice2go', advises recipients that their 'invoice has not been opened yet' and includes a link to view the invoice. 
  • The link currently leads to a blank page, but in some cases it has been found to trigger a download of a malicious file. 
  • The email looks quite convincing due to the inclusion of Invoice2Go's branding and logo, and the subject 'unopened invoice' creates a sense of mystery and urgency, prompting the recipient to view the invoice. 
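
The Netflix and Invoice2Go scams above both rely on a trusted brand in the display name while the message comes from an unrelated compromised account. The following is an added example, not Surety IT's own tooling, of a mail-filter check for that pattern; the brand allow-list, the look-alike character table and the sample headers are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumed allow-list of brand -> legitimate sending domains (illustrative only).
BRAND_DOMAINS = {"netflix": {"netflix.com"}, "invoice2go": {"invoice2go.com"}}

# Small constructed table of look-alike characters (Cyrillic and dotless i).
CONFUSABLES = str.maketrans({"\u0435": "e", "\u0456": "i", "\u043e": "o",
                             "\u0445": "x", "\u0131": "i"})

def normalise(name):
    """Reduce a display name to a lowercase skeleton for brand matching."""
    decomposed = unicodedata.normalize("NFKD", name)  # folds fullwidth/styled letters
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = no_marks.casefold().translate(CONFUSABLES)
    return "".join(c for c in folded if c.isalnum())  # drops spaces, dots, zero-width

def check_from(header):
    """Return a finding if the display name claims a brand the domain does not match."""
    display, address = parseaddr(header)
    domain = address.rpartition("@")[2].lower()
    skeleton = normalise(display)
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in skeleton:
            continue
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if not legit:
            # "obfuscated" means the brand only appears after normalisation.
            return {"brand": brand, "domain": domain,
                    "obfuscated": brand not in display.casefold()}
    return None

# Constructed sample From headers (not taken from the real campaigns).
SAMPLES = [
    '"N\u0435tfl\u0456x" <accounts@example.org>',   # Cyrillic e and i in the name
    '"Invoice2go" <sales@example.net>',             # plain brand, unrelated sender
    '"Netflix" <info@mailer.netflix.com>',          # brand on its own domain
    '"Shipments in transit" <user@example.com>',    # no brand claimed
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header))
```

A message that spoofs the brand's own domain, as in the Xero item, passes this check; that case has to be caught from the SPF, DKIM and DMARC results instead.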

If you'd like any further information or assistance with your cyber security, or you don't know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 478 738 or email info@suretyit.com.au to discuss your requirements.