Surety IT Security and Scam Alert - March 2018

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. Fake 'Corral Photography' Invoice




  • The email impersonates an Australian wedding photography company, 'Corral Photography'.
  • The emails are designed to look like invoice notifications from the photographer and contain a ‘view invoice’ link which directs the victim of the scam to a file containing malware - see screenshot, above.
  • The malicious emails are being sent from a compromised MailChimp account and display a variety of sender addresses.

2. Fake Quickbooks Email


  • A new criminal-intent email is designed to look like a Quickbooks invoice notification - see screenshot above.
  • The purpose of this email is to get the receiver to click on a link in the email that would take them to an archived file containing malware.
  • Once the victim’s computer is infected with malware it may be used by cybercriminals in a number of ways: to mount botnet attacks, run ransomware, spy on computer networks or launch further email scams.
  • This email scam is quite well designed and exploits Quickbooks branding to convince victims that it is an authentic notification email. If you see a message of this type in your inbox, exercise extreme caution.

3. Fake Major Telcos Email


  • Major Australian telcos Vodafone, Telstra and Bigpond are having their brands exploited in a new email scam.
  • This email appears to be delivering a ‘wire transfer receipt’ as a .pdf attachment, but the attached document contains malicious code that is activated if the file is opened.
  • The scammers behind this attack have used compromised email accounts with telco domains to lend credibility to the messages.
  • To avoid harm to your computer, don’t open this message if it appears in your inbox.


4. Fake MYOB Invoice 

  • The message received is designed to look like a genuine invoice message.
  • It has a MYOB trademark but when the victim clicks on the 'view invoice' link they are delivered to a malware file instead.
  • There are a variety of sender names and addresses associated with this attack.


5. Dropbox Phishing Scam 

  • In this scam, the Dropbox logo is copied into the emails to lend them authenticity.
  • This typical phishing email informs recipients that they have received some files and invites them to click on a link to view them.
  • When the recipient clicks on links of this sort they are directed to fake login pages that are set up to look like the real Dropbox website, but actually just harvest their login details.
  • Scammers use Dropbox accounts they hijack in this way to store malicious files or they can sell the login credentials to third parties.


6. Fake Ezi Office Supplies Email

  • A new criminal-intent email is exploiting Ezi Office Supplies branding.
  • This scam email is well formatted and looks like a legitimate invoice notification.
  • The ‘view bill’ link in the message takes scam victims to a zipped file on the actual Ezi Office Supplies website - eziofficesupplies.com.au - which contains JavaScript malware.


7. Fake eBay Invoice

  • This scam message exploits fake eBay branding to deceive victims into downloading a harmful file.
  • This email is designed to look like an invoice from eBay. The ‘view invoice’ link button in the message points to an archived file which contains JavaScript malware.
  • Scammers use cleverly designed fake messages like this one to deliver all sorts of malware including viruses, ransomware and spyware.
  • The sending domain in this email, ‘ebayonlinesale.com’, looks quite convincing, but this domain was actually just registered yesterday in China, probably for the specific purpose of this scam.


8. Fake Office 365 Phishing Attack

  • This phishing attack exploits the trademarks of Microsoft Office 365 and Xerox.
  • This scam email attack takes the form of a plain text message purporting to be a Xerox document sharing notification. 
  • If the recipient clicks on the ‘view document’ link they are taken to a phishing page hosted on a compromised WordPress site.
  • The scammers behind this attack have set up their phishing page to look like an Office 365 sign in portal.
  • The objective of the scam is to harvest victims’ login credentials when they sign into the fake portal.
  • Phishing scams can result in serious data breaches for individuals and companies which are costly and potentially very damaging to computer systems.

9. Fake Xero Invoice 

  • This email scam uses fake ‘Xero’ domains in the sender addresses.
  • This message is designed to look like an invoice notification from ‘The Advocates Property Advisory.’
  • The message contains a ‘view invoice’ link which, if clicked, directs the scam victim to download an MS Word .doc file containing hidden malware.
  • Victims who unwittingly click through to the fake 'invoice' document and open it will activate hidden code in the file that will infect their computer without their knowledge.
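
The fake eBay and fake Xero alerts above both rely on sender addresses that borrow a brand name. The following is an added example, not part of the original alert, of how a mail filter could triage a From: header for that pattern. The brand-to-domain table, the verdict names and all sample addresses other than ‘ebayonlinesale.com’ are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains the brand really sends from.
BRAND_DOMAINS = {
    "ebay": {"ebay.com", "ebay.com.au"},
    "xero": {"xero.com"},
    "dropbox": {"dropbox.com"},
    "myob": {"myob.com"},
}
# Genuine domains that merely contain a brand keyword ("xero" in "xerox").
KNOWN_UNRELATED = {"xerox.com"}


def _is_under(domain, parents):
    """True if domain equals, or is a subdomain of, any entry in parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)


def classify_sender(from_header):
    """Return (verdict, brand) for a From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if _is_under(domain, KNOWN_UNRELATED):
        return ("no-brand", None)
    # Drop separators so "e-bay" or "ebay.online" style splits still match.
    squashed = domain.replace("-", "").replace(".", "")
    for brand, legit in BRAND_DOMAINS.items():
        if _is_under(domain, legit):
            return ("brand-domain", brand)
        if brand in squashed:
            return ("lookalike-domain", brand)
        if brand in name.lower():
            # Brand appears only in the display name, not in the domain.
            return ("display-name-mismatch", brand)
    return ("no-brand", None)


if __name__ == "__main__":
    # Constructed sample headers; only ebayonlinesale.com comes from the alert.
    for header in ("eBay <invoice@ebayonlinesale.com>",
                   "Xero Billing <accounts@post.xero.com>",
                   "MYOB Invoices <billing@mailer.example>",
                   "scan@xerox.com"):
        print(header, "->", classify_sender(header))
```

A ‘brand-domain’ verdict is only one signal: several of the scams above were sent from compromised legitimate accounts or linked to files on a genuine website, and those would pass this check.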


If you'd like any further information or assistance with your cyber security, or you don't know where to start, please call us on 1300 4 787 389 or email us at info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 4 787 389 or email info@suretyit.com.au to discuss your requirements.