Surety IT Security and Scam Alert

June 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of -

1. ANZ

  • ANZ has once again been exploited in a phishing email scam that uses a display name of 'ANZ' and titled 'Successful BPAY Payment Advice'.
  • Payment related details are provided in the email, including; customer code, payment amount and date etc

  • A link is included to 'view transaction history and provide detail' leading those who click on the URL to a legitimate looking copy of the ANZ login page. 


  • Once login details are entered, users are redirected to a page that simulates a blocked account scenario with 3 questions to be answered which then bounces back and advises that their answers are incorrect. 
  • By sending this email scam, cyber criminals are intending to break into bank accounts with the harvested login details.

2. BankWest

  • BankWest is the latest bank to be brandjacked in where customers are informed via email that their 'online access will be discontinued and deleted due to a failure to comply with our online update regulations'


  • Recipients are then advised 'To avoid the above action, use the Bank West online update form attached to this email'
  • The form requests extensive customer details including personal access number, secure code, telephone banking PIN, personal identity information as well as debit card number information.


  • Red flag in this email is that the banking logo on the form says bankBest instead of BankWest
  • Should recipients complete all required details, the cybercriminals will be able to access all online and mobile banking as well as using the information for identity fraud.

3. Amazon Store Online

  • Fraudulent emails with legitimate looking Amazon store branding have been detected with the subject 'Amazon - Your Order Has been Cancelled' 
  • Recipients are advised that 'Your recent order on AMAZON.COM has been cancelled due to fraudulent activity detected', as well as other messages indicating that a recent order was undelivered due to an address mismatch issue.
  • Users are directed to visit amazon.com/verify-my-account or to click the 'Verify Email' button in the email button which directs users to a page that asks for login credentials.
  • The site present a message advising that Microsoft has detected suspicious activity on their computer. 


  • Sent from compromised sending addresses and using a display name of 'Amazon Head Office' or 'Amazon Support', this phishing scam is designed to trick users into giving login details or to contact a phone number listed on the site. 

4. NAB

  • Sent from numerous compromised accounts, multiple variations of emails have been detected purporting to be from NAB.
  • Using the display name 'NAB Support', the email advises the 'customer' that their password was entered incorrectly more than 3 times and that the security team had to suspend the account and all funds inside.
  • To release the hold on the account, recipients are advised to either visit one of their branches or follow the activation link provided. 

  • Those who click on the link are led to a NAB phishing page which requests the user to enter their NAB internet banking details as well as additional further personal information once logged in. Once all details are entered, users are redirected to the actual NAB website. 

  • The second variation of the email contains a plain text message advising recipients that they have received an Osko deposit with the amount shown. 
  • To obtain further information about the payment, recipients are requested to click the 'View transaction history' link which leads them to a convincing copy of the NAB internet banking login page. 
  • Once users enter their NAB ID and password on the convincing looking page, they are redirected to the actual NAB internet banking login page. 
  • Several red flags in the email include being poorly worded and containing grammatical errors.

5. Westpac

  • Using a display name 'Westpac Bank', emails purporting to be from Westpac are being sent from compromised accounts. 
  • Advising recipients that some unusual activity was noticed on their account and that their account has been temporarily locked, users are provided with a link to re-activate their account. 
  • Those who click on the link are leaded to a Westpac branded phishing page which requests account ID and password.
  • Once these details are entered, they are then requested for further personal information including date of birth, mobile number and drivers license number. 
  • When the second page is submitted, the user is shown that their account is being verified and after a short pause are redirected to the actual Westpac login page. 
  • Red flags in this email include, no branding or customised information, several grammatical inconsistencies and real banks never direct customers to a link to sign in to resolve an issue. 

If you'd like any further information, assistance with your cyber security or you don't know where to start please call us on  1300 478 738 or email us at  info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 478 738 or email info@suretyit.com.au to discuss your requirements.