Email Security Threats, Alerts, News and Trends
Suspicious Emails Alert! The threat landscape is always changing which is why we keep our eye on new products that can simplify email security, and streamline the way you and your team work. SMX will keep you up-to-date on suspicious email security threats, alerts, news and trends on this page, so that you know what to look out for.
Please be vigilant in protecting your computer, do not click on any link or download any attachment from someone you don't know. If you receive any suspicious emails, please report these to us.
Below are some Government sites that you may wish to visit that will give you more information on current cyber security trends:
- Australian Cyber Security Centre (ACSC)
- Computer Emergency Response Team (CERTNZ)
CERTNZ Quarterly Reports - New Zealand National Cyber Security Centre (NCSC)
NCSC News
Microsoft Exchange email attack
Last updated 08/03/2021 1:56pm
There is a recent worldwide attack on Microsoft Exchange servers which has impacted a large number of users around the world. Please ensure your systems and servers are up to date and educate users about any possible impact them them or their machines.
For more information see https://www.bbc.com/news/world-us-canada-56304379
Ryuk Ransomware Alert
Posted 03/11/20 at 11:32am
SMX is aware of a spike in Ryuk ransomware attacks in the United States. The attacks are encrypting the systems of numerous organizations in the health care sector, and demanding ransoms, averaging over USD$100,000 to be paid in bitcoin for the decryption of information.
While this campaign is currently affecting United States based organizations, SMX is encouraging New Zealand organizations to make sure they have the protections in place to help protect against an attack.
What we are doing to combat this threat:
Current Ryuk signatures are already being blocked as malware. Our filters will be updated with potential new signatures that may appear.
More Info:
https://www.cert.govt.nz/it-specialists/advisories/increase-in-ryuk-ransomware-attacks/
https://www.zdnet.com/article/fbi-warning-trickbot-and-ransomware-attackers-plan-big-hit-on-us-hospitals/
Voicemail Phishing
Last updated 07/09/2020 5:55pm
A phishing voicemail is circulating as can be seen in the below image inviting the recipient to click on a voicemail. This is a phishing email, please do not click on any links and delete the email.
Webmail phishing email
Last updated 07/09/2020 17:15
We are seeing a webmail scam email which is circulating advising recipients about new features in webmail. This is phishing email, please do not click on any links within the email . The email can be deleted.
Xero Phishing
Last updated 25/08/2019 11:28am
We are seeing a number of personalised Xero Phishing emails circulating at the moment as can be seen in the image below. Please be aware these are not genuine and please do not click on any links within the email.
IRD Phishing
Last updated 06/07/2020 10:55am
We are seeing an IRD phishing email like below which are circulating at the moment. This looks authentic but has not come from the IRD. Please do not click on any links within the email. You should always enter the website directly in your browser https://www.ird.govt.nz/ so that you visit the correct IRD website.
Phishing run
We have received customer reports of inbound Phishing attempts which appear to have been sent from Microsoft.
The subject of these emails will appear as though it was sent by your own internal service desk - this is not the case.
If you believe you have received one of these emails, please contact your internal service desk to verify authenticity using their direct email and not the information provided in the suspicious email.
Coronavirus “safety measures” email is a phishing scam
Last updated 12/02/2020 09:40am
Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam.
Here’s a tasteless and exploitative example, reported to us by the Sophos Security Team, of a current scam that uses the coronavirus as its lure.
The email, which carries the logo of the World Health Organization states:
Go through the attached document on safety measures regarding the spreading of corona virus.
Click on the button below to download
Symptoms common symptoms include fever,coughcshortness of breath and breathing difficulties.
Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems.
The SMX filters have now updated and are correctly identifying this email as phishing. If you have received this email you can delete it but please keep an eye out for any similar variants - do not click on any links and submit the email to the SMX Service Desk.
Netflix phishing emails
Last updated 11/02/2020 11:10am
Today we have seen a number of phishing emails advising recipients that their Netflix payment has failed. This a phishing email which has not come from Netflix. The SMX filters have now updated and are correctly identifying this email as phishing. If you have received this email you can delete it but please keep an eye out for any similar variants - do not click on any links and submit the email to the SMX Service Desk.
Windows 7 end of support
Last updated 15/01/2020 2:33pm
Windows 7 has come to the end of life, this means that Microsoft will no longer support:
- Technical support for any issues
- Software updates
- Security updates or fixes
The impact of this is that Windows 7 will be at a greater risk for viruses and malware. For more information see:
https://www.microsoft.com/en-nz/windows/windows-7-end-of-life-support-information
Spam Run - Bitcoin phishing
Last updated 10/12/2019 11:10am
We are receiving reports of an extortion Spam run. The sender is demanding bitcoin, otherwise they will release video of you.
This is one of the oldest types of spam around - Do not engage with the sender, simply delete the message.
Spam run: (6) incoming messages
Last updated 29/11/2019 10:00am
We have received reports of users being BCC'd into a Spam message doing the rounds containing the following text:
Kindly FIX THE PROBLEM HERE to avoid missing important mails from your mailbox contact.
Apple ID scam hits Kiwi phones - what to watch out for.
Last updated 25/11/2019 11:47am
Numerous iPhone users reported receiving a dubious text message this morning asking them to verify their details.
Coming from the number 365, the message tells the user they've been locked out of their Apple ID and then asks them to verify their details.
The tell-tale sign in the scam is that the word "Apple" is misspelled "appl" in the url featuring in the text message.
It appears to be a classic example of a phishing ruse designed to acquire login and credit card details
What to do if you have been scammed:
• Contact your bank as soon as possible.
• Report it to the police and, if it is an online scam, report it to Netsafe who will give advice on what to do.
Protection from spear phishing and whaling
Last updated 24/10/2019 8:36am
SMX are seeing whaling emails on the increase, here is a helpful article from CERT NZ on steps you can take to protect yourself from being scammed by a whaling email. For more infromation on adding whaling protection with SMX please contact our sales team.
For more informaton on what a whaling attack is please have a read over our FAQ "What is Whaling?"
Spam Run - Netflix
Last updated 21/10/2019 10:40am
We are still seeing a number of emails purporting to be from Netflix, advising that a subscription renewal has failed due to a failed payment.
These are phishing emails. Please do not reply, simply delete the email.
Spam run - Here's this month's Spark bill
Last updated 11/10/2019 11:34am
We are still seeing a number of emails purporting to be from MySpark Support, advising that you owe money.
Latest versions have stared rewording the content in order to bypass the filter, however the subject is still the same.
These are phishing emails. Please do not reply, simply delete the email.
Spam run - Your shipment is waiting for delivery
Last updated 8/10/2019 1:15pm
We are seeing a number of emails purporting to be from NZ Post, advising there is a shipment awaiting pickup.
These are phishing emails. Please do not reply or click anything in the email, simply delete the email.
Spam run - Blank emails orginating from Gmail adresses
Last updated 30/9/2019 11:11 am
We are receiving user reports of spam emails originating from gmail addresses.
These emails generally have the subject lines "Test Mail", "ABC123", and "Test".
This is a simple spam run, simply delete the email.
Outlook System Update
Last updated 24/09/2019 3:25pm
We are seeing a number of emails like the below, requesting that you sign in an update your Outlook account . These are phishing emails, please do not click on any links and delete the email.
Spam runs.
Last updated 09/09/2019 12:48 pm
From time to time you may notice that you and your colleagues receive a number of similar looking spam emails at around the same time. There are a number of reasons why this may be the case:
The spammers have a number of similar emails which they craft which are of a similar nature, they then send these out in a few different rounds. These are sent from different IP addresses and contain slightly different content, this is designed to evade the filters as some IP addresses or websites maybe clean or blacklisted already.
The spammers may have obtained the email addresses from a previous spam run that they have sent or obtained the email addresses from other sources such as email addresses published on your company website.
The spammers may also obtain email addresses through what is known as a “Dictionary attack” where they randomly guess email addresses by going through recipients in alphabetical order to see which ones are active or not.
They may also try and guess passwords using a dictionary attack also which is why it is important to have a strong and secure password using numbers and letters and symbols. Once as a spammer has obtained the password of one account then it easy to obtain the email addresses of other staff members via the company address book and use them for future spam runs.
Threatening password emails
Last updated 09/09/2019 11:35 am
We are seeing a number of emails like below which are being sent with password protected PDF attachments. Please do not open the attachment and please delete the email. The attachment contains a threatening message that advises that the websites that you have visited will be sent to all of your contacts unless you pay a fee. This is a scam, do not respond to it.
Below are the contents of the PDF.
Rep. Needed
Last updated 09/09/2019 11:10 am
We are seeing a number of emails like this below trying to recruit staff to be a rep for a crude oil company. This is spam email, please do not reply and delete this email.
Potential spam banking emails
Last updated 23/08/2019 9:58 am
While we have not seen these emails reaching our servers yet it is a good idea to keep an eye out for potential banking emails - " spear-phishing emails with macros Docs or exploits, CHM files, and .LNK shortcuts as malicious attachments to initially compromise their victims." If you were not expecting the email or the email looks suspicious then please report it to the SMX Service Desk so we can investigate further.
https://thehackernews.com/2019/08/silence-apt-russian-hackers.html
Phishing - Voicemail Message
Last updated 28/06/2019 5:23 pm
There are a number of variants of voicemail phishing messages going around. Please do not click on the link and send the samples through to SMX and delete the email.
Phishing - Salary Increment
Last updated 26/06/2019 10:29 am
This phishing email made the rounds today and our filters are now recognising it as spam.
Phishing - CLOSURE OF EMAIL
Last updated 24/06/2019 4:58 pm
We are seeing a number of spam emails with the with the subject CLOSURE OF EMAIL that have been circulating recently advising the recipient that their email will be closed and advising them to click on a link to continue using their email. Please do not click on any links and delete the email.
Male pills emails
Last updated 24/06/2019 11:42 am
Over the past week we have seen a number of new variants of spam emails which have been advertising male potency pills. The spammers have designed these carefully to evade the SMX filters which is why you may have seen some of these getting through, some of the emails that we have seen have the following subjects:
- Erecttile Dysfucntion Pills
- Erecitle Dy$funct|on Pills
- Erectlie Dysfuncti0n Pills
Microsoft Audio calls spam emails
Last updated 04/07/2019 4:30pm
We are seeing a number of emails that are circulating that are impersonating Microsoft Audio calls, asking you to listen to a fake voicemail message, this is not genuine, please do not click on any links and delete the email.
Phishing - Microsoft Upgrade
Last updated 17/07/2019 7:00pm
We have recently seen a number emails like below advising recipients that they should upgrade their account to continue recieving emails. This a phishing email and has not come from Microsoft, please do not click on any links and delete the email.
Fake change of bank account details
Last updated 06/08/2019 1:27pm
Hi we are seeing a number of emails like this below pretending to be coming from the CFO to the payoll member of staff requesting a change of bank account details. Please speak to the requestor in person or via phone before making any bank account changes.
To report suspected spam emails to SMX, click here.