Surety IT Security and Scam Alert

August 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. PayPal

  • PayPal have been spoofed in this latest multi-staged phishing email scam which ironically utilises safety features to steal confidential data of users. 
  • Sent using a compromised account of the newsletter email service (newsletter.com.au) and using the display name "PayPal", this email is a 'quick confirmation' of a 'new email address being added to their PayPal account'.
  • Recipients who click on the link 'let us know right away' are led to a convincing copy of the PayPal website and are first shown a 'loading' page containing the PayPal logo. 
  • This page then leads recipients to another PayPal-branded login page requesting an email address or a mobile number; upon clicking next, they are asked to enter their password. Once logged in, recipients are asked to update their billing address and credit card information. 
  • Once all details are submitted, recipients are then directed to the actual PayPal website. 

2. Review Document

  • Sent from a single compromised domain, this email to 'review document' may contain a malicious payload. 
  • Presented as a credible, well-crafted fake DocuSign notification, it informs recipients that 'Unicoi State Park & Lodge' has sent them a document. 
  • Those who click on the link are led to what is currently a blank page, but it is important to note that malicious third parties can use these links as a platform for future attacks.
  • Several techniques have been used in this particular email to make it look like a genuine notification from DocuSign, and as their service requires users to click a link to download files, it is a convenient trojan horse for malicious attacks.

3. Remittance Advice

  • Masquerading as 'remittance advice', this latest malicious email originates from 3 different compromised domains. 
  • Appearing in plain-text form with an extremely short message body, the subject line advises recipients of a 'remittance advice attached'.
  • Those who click on the PDF attachment are led to a fake OneDrive page hosted on box.com.
  • Should recipients click on the 'View Document' button, they are led to the actual phishing page, which is a multi-platform login form giving options to log in using Office 365, Outlook and other email domains. 
  • Using high-definition graphics and the branding of well-known email providers, this scam boosts its apparent authenticity by giving recipients the option to use an email address of their choosing, which is normally expected from credible and well-established file-hosting services such as OneDrive. 

4. Voicemail

  • Sent via a different sender, with the beginning of the email address randomly generated and each email subject customised with the domain name of the recipient. 
  • Recipients who click on the attachment are led to a fake Microsoft login page.
  • Designed to harvest confidential details, this email scam preys on the curiosity of recipients who may not be expecting a voice message, and contains red flags such as the lack of a message in the email body and an unknown domain.

5. Facebook

  • Using the display name 'Facebook' with a domain to match, this email comes from a single compromised domain made specifically for this scam. 
  • Titled 'Action Required', it informs recipients that their ability to post new 'stories' and/or 'events' has been disabled until their identity can be verified by providing scanned copies of valid IDs such as a driver's license, passport or Medicare card. 
  • Trying to spark panic and concern amongst recipients, this email contains red flags such as formatting errors and spacing issues.

6. eBay

  • Using the display name 'eBay', this latest email scam is being sent with the subject 'eBay account restriction'. 
  • It informs recipients that their 'selling privileges' have been restricted and 'any active or pending listings have been removed' due to 'recent activity' on the account. 
  • It requests recipients to verify their identity by providing scanned copies of valid IDs such as their driver's license or passport.
  • The email contains 4 steps on how to do so along with what happens after the documents are submitted. 
  • Designed to harvest confidential data of eBay sellers, this scam contains several red flags including grammatical errors and spacing issues. 
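
The red flags described in items 1 and 3 to 6 (a brand display name on an unrelated sending domain, the recipient's own domain in the subject line, and an attachment with little or no message body) can be checked mechanically at a mail gateway. The following is an added example, not part of the original alert: the brand allow-list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allow-list of genuine sending domains for the brands in this alert.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
    "ebay": {"ebay.com", "ebay.com.au"},
}

def domain_of(header):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return the list of red flags from this alert found in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    display = parseaddr(str(msg["From"] or ""))[0].lower()
    sender = domain_of(msg["From"])
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(sender == d or sender.endswith("." + d) for d in domains)
        if brand in display and not genuine:
            flags.append("display-name-mismatch")
    rcpt = domain_of(msg["To"])
    if rcpt and rcpt in str(msg["Subject"] or "").lower():
        flags.append("recipient-domain-in-subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if any(True for _ in msg.iter_attachments()) and len(text) < 40:
        flags.append("attachment-with-near-empty-body")
    return flags

def build_sample(sender, subject, body, attachment=None):
    """Build a constructed test message addressed to a placeholder recipient."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "accounts@victim.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples modelled on the descriptions above, plus a benign one.
SPOOF = build_sample('"PayPal" <updates@newsletter.com.au>', "Quick confirmation",
                     "A new email address was added to your account.\nLet us know right away.")
VOICEMAIL = build_sample("x7k2q9@unknown-sender.example",
                         "New voicemail for victim.example", "\n", "voicemail.htm")
BENIGN = build_sample('"PayPal" <service@paypal.com>', "Your receipt",
                      "Thanks for your payment. No action is required on your part.")
```

A hit on any of these flags is a reason to quarantine or banner the message, not proof of phishing; a benign newsletter can trip the display-name check if its sender is missing from the allow-list.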

If you'd like any further information or assistance with your cyber security, or you don't know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 478 738 or email info@suretyit.com.au to discuss your requirements.