Surety IT Security and Scam Alert - September 2018 

Surety IT provides a monthly alert of the scams impacting Australian businesses including phishing scams, malware attacks and security breaches/bugs.

You need to be particularly aware of  -

1. NAB Bank Branding Hijacked

  • A new phishing scam has been detected that looks like it has been sent by NAB Bank.
  • It advises the recipient that their account 'is now locked'.

  • The link in the message takes the victim to a phishing page made to look like a real NAB login portal.
  • The phishing page harvests the personal login information of the victim and forwards them to a second page which collects their credit card details.
  • To identify the scam,  If you look at the email address of the original email sent, you will see it is not a NAB official address. 

2. St George Bank Email Scam 

  • A new phishing scam has been detected that has brand-jacked St George Bank.
  • This phishing email hopes that the victim clicks on the link which directs them to a fake but convincing St George Bank login page.
  • If the victim inputs their details, the scammers have all the details they need to access the account and take any money in it.

3. Naffco Email Scam

  • A new scam has been detected that claims to be from Naffco.
  • If a victim clicks on the document attachment link they are directed to a malware infected Dropbox File.
  • If clicked, the victim's computer can be infected with viruses, spyware and crypto-jacking malware. 

4. ANZ Internet Banking Scam

  • This new scam email uses ANZ branding in attempt to steal internet banking credentials and personal details. 
  • There is a link in the email that directs victims to a fake but very real landing page for ANZ internet banking, where customer registration number and password is requested. 
  • Once the login credentials are entered, the victim is then asked for their full personal details including drivers license number, mobile number, date of birth and full name.


5. Office 365 'Failure to Sync'

  • A new scam has been detected that claims to be from Office 365 advising that the email account 'failed to connect'. 
  • If a victim clicks the 'Retrieve Messages' link, they are directed to a fake Office 365 portal.
  • Check the sender of the email before clicking any links to determine if it is a legitimate email from Office 365
  • If the link is clicked, the scammers have the victims legitimate credentials to then use themselves. 

If you'd like any further information, assistance with your cyber security or you don't know where to start please call us on 1300 478 738  or email us at

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business. Call us today on 1300 478 738 or email to discuss your requirements.