Surety IT Security and Scam Alert

July 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses, including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Office 365

  • Sent via a compromised email address and purporting to be from Office 365, a new phishing scam is landing in inboxes informing recipients that some messages have been delayed due to them being identified as spam.
  • It advises that the recipient can review these and choose how to proceed by clicking the "Review Message" link.
  • Those who click on the link are redirected to a Microsoft blob-hosted phishing page which looks like the actual Office 365 login screen and are requested to select their account from a list.
  • Should they click on the account, they are then requested to enter their password and click login, which causes the page to indicate it is loading.


  • Red flags in this scam include that the email body isn't well-formatted and contains grammatical & spacing errors.

2. Audio Email

  • Uses the display name of "Notifications", titled "You Have Received An AudioEmail" and sent from a compromised email account
  • Advises recipients that they have received a new 'Audio Email' from their address book and that a call back is required

  • Details of the supposed audio note, including duration, date & time, are attached, together with a link to listen to the full message.
  • Those who click on the link are led to a compromised SharePoint account which provides another link to listen to the full message.
  • Should the 'Listen to Full Message Here' link be clicked, recipients are led to a OneDrive for Business page which states that the file cannot be previewed and includes another link to open the full file.
  • The recipient is then directed to a phishing page purporting to be Microsoft which appears as a legitimate sign-in page.


3. Microsoft

  • Sent via a compromised email account, the email uses a display name that corresponds to the recipient's email address and is titled 'error message'.
  • The email informs recipients that their emails are stuck on the server pending their session 'revalidation' as they are 'still using an outdated email settings'.
  • They are then directed via a link to use a 'maintenance portal' to update and retrieve their messages.
  • Those who click on the link are taken to a Microsoft Forms hosted form titled 'Microsoft Maintenance Portal' which requests email and password details.
  • Once the details are submitted, users are directed to another portal page that confirms their response was submitted successfully.

4. Dropbox

  • Sent via a single compromised domain, the email appears as an auto-generated email from Dropbox.
  • Including a purchase order reference number, the email informs recipients that a new purchase order has been shared with them and to click a link to view the purchase order.
  • Recipients who click on the 'View File' button are led to a highly suspicious blank page, not associated with Dropbox, which contains an error message.

5. Suncorp

  • Originally sent from the forged 'suncorp.com.au' domain in an attempt to harvest login credentials, the email is titled 'ACTION REQUIRED: Verify your ID for next level security' and contains a short message requesting ID verification to be completed via a link.
  • Those who click on the 'Verify Now' button are redirected to a Suncorp branded phishing page that requests their account ID and password as well as the secret token code.
  • Once logged in, recipients are taken to a photo ID verification page which directs them to upload a photo of a legal identification document such as their passport. They are then requested to input additional personal details such as address, date of birth and phone number.
  • Once users click on the 'update' button, they are led to a 'thank you' page informing them that they have successfully finished verifying their ID, and are then redirected to the login page.
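
The red flags described in items 1 to 5 can be expressed as a mail-triage check. This is an added example, not part of the original alert or Surety IT's tooling; the service domain strings, flag names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Public domains of the Microsoft services the alert names as hosting lure pages.
# The domain strings are added here; the alert names only the services.
HOSTING = {"blob.core.windows.net": "blob-storage",
           "sharepoint.com": "sharepoint",
           "forms.office.com": "microsoft-forms"}
# Email titles quoted in the alert, lower-cased for comparison.
SUBJECTS = {"you have received an audioemail", "error message",
            "action required: verify your id for next level security"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def triage(raw):
    """Return the alert's red flags that one raw RFC 5322 message exhibits."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    flags = []
    # Item 3: display name is the recipient's own address, but the sender differs.
    if display and display.lower() == recipient.lower() and sender.lower() != recipient.lower():
        flags.append("display-name-is-recipient")
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        flags.append("alert-subject")
    # Items 1-3: links that land on shared Microsoft hosting instead of a login domain.
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    for url in URL_RE.findall(body):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL, nothing to classify
            continue
        for domain, name in HOSTING.items():
            flag = "link-on-" + name
            # Exact domain or a true subdomain only, so look-alike hosts do not match.
            if (host == domain or host.endswith("." + domain)) and flag not in flags:
                flags.append(flag)
    return flags

# Constructed sample modelled on item 3 (placeholder addresses and link).
SAMPLE = "\n".join([
    'From: "pat@victim.example" <accounts@compromised.example>',
    "To: pat@victim.example",
    "Subject: error message",
    "",
    "Use the maintenance portal: https://forms.office.com/r/EXAMPLE",
])
```

A hosting flag on its own is common in legitimate mail, so treat these as signals to combine (for example, a hosting link plus a matching title) rather than as a verdict.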

If you'd like any further information, assistance with your cyber security, or you don't know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
