Surety IT Security and Scam Alert

May 2019

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of:

1. USD Wire Transfer

  • Simple emails claiming to contain a payment confirmation are arriving in inboxes.
  • The attachment contains a malicious payload when opened.
  • A variant of the same email has also been detected with a new subject line that refers to a 'Payment Transfer Receipt'.



2. Box Email

  • Box, the popular cloud-based file sharing & collaboration platform for business, is the subject of this latest brandjacking scam.
  • Whilst the emails are well formatted and accurately represent the brand, they are in fact being sent by cyber criminals.
  • If clicked, the download contains a link to a phishing site that has been designed to harvest user information and passwords.

3. Optus

  • Cyber criminals have once again brandjacked Optus.
  • Using the display name 'Optus', the emails claim to be an Optus bill notification and contain an account number, bill amount and a due date. 
  • Containing several links that lead to a suspicious website, the emails inform recipients that there is a new account number and changes to the bill layout including how GST is displayed. 
  • Cyber criminals have used several techniques to boost the authenticity of the emails, including incorporating the brand and logo of Optus whilst also providing users bill amounts from previous months. 

4. Microsoft Exchange

  • Cyber criminals are impersonating Microsoft Exchange by sending simple plain-text emails with the subject 'Technical Support'.
  • Recipients are being requested to validate their Microsoft Exchange Outlook account as a 'misuse' of their account has been identified.
  • The email also threatens account inactivation if not validated within 48 hours.
  • Should the link in the email be clicked, recipients are led to a suspicious website designed to harvest confidential user information.



5. Incoming Messages Blocked

  • Sent in multiple variations under the display name "Mail Service", this email has actually been sent from one of several compromised accounts and is designed to harvest users' confidential information.
  • The email advises recipients that their incoming messages are being 'blocked' due to a problem.
  • To retrieve the messages, recipients are encouraged to click on links titled 'view your email quarantine' and 'release to inbox'.
  • The supposedly quarantined emails are listed in a table with a subject and what was supposed to be the date, which instead displays as %DATE%.
  • Multiple links are included in the email. 'Releahe' links do not lead to a valid page, whilst the 'your email quarantine' and 'open all messages' links lead to a compromised website which hosts a phishing page.
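The tell-tale signs described in items 3 to 5 (a brand display name on an unrelated sender address, an unrendered %DATE% token, a 48-hour deadline) can be checked automatically at a mail gateway or during triage. The Python sketch below is an added example, not Surety IT's tooling; the sender domains in BRAND_DOMAINS are assumptions to be replaced with the domains each brand actually sends from, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display-name keyword -> domains the real brand sends mail from.
BRAND_DOMAINS = {"optus": {"optus.com.au"}, "box": {"box.com"}}
# Unrendered mail-merge tokens such as %DATE% left behind in the body.
PLACEHOLDER = re.compile(r"%[A-Z_]{2,}%")
# Deadline pressure such as "within 48 hours".
URGENCY = re.compile(r"within\s+\d+\s+hours", re.I)

# Constructed sample messages (not real captures).
SAMPLES = {
    "optus_bill": "From: Optus <billing@example.net>\nSubject: Your bill\n\nYour bill is ready.\n",
    "quarantine": 'From: "Mail Service" <user@example.org>\nSubject: Blocked\n\nInvoice | %DATE% | Release\n',
    "exchange": "From: admin@example.com\nSubject: Technical Support\n\nValidate your account within 48 hours.\n",
    "legit": "From: Optus <noreply@optus.com.au>\nSubject: Your bill\n\nYour bill is ready.\n",
}


def domain_matches(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw):
    """Return the indicator names that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Join the text of every leaf part so multipart mail is covered too.
    body = "".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    hits = []
    for brand, allowed in BRAND_DOMAINS.items():
        named = re.search(r"\b%s\b" % re.escape(brand), name, re.I)
        if named and not domain_matches(domain, allowed):
            hits.append("display-name-mismatch:" + brand)
    if PLACEHOLDER.search(body):
        hits.append("unrendered-placeholder")
    if URGENCY.search(body):
        hits.append("deadline-threat")
    return hits


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

A hit is a reason to quarantine or flag the message for review rather than proof of fraud, since legitimate senders sometimes use third-party mailing domains.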



If you'd like any further information or assistance with your cyber security, or you don't know where to start, please call us on 1300 478 738 or email us at info@suretyit.com.au.

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 478 738 or email info@suretyit.com.au to discuss your requirements.