SMX Service Status

Status page

You can now go to https://status.smxemail.com/ and subscribe to updates by SMS text and/or email messages about SMX services and to be notified for any planned maintenance or service disruption.

 

Planned Outage on 18 July 2017 (Tuesday)

There is a planned outage by our upstream provider:

Time: 18 July 2017 00:00 - 18 July 2017 06:00 NZST

Duration: There will be a break in service of up to 30 minutes within the above change window

Impact:

  • Mail flow will not be affected as emails will be accepted and delivered via our secondary site;
  • No impact to the Filtering service customers;
  • IMAP, POP3, and Webmail access for the SMX-hosted mailbox customers will be temporarily unavailable in the above change window.

 


Suspicious Emails Alert!

Please be vigilant in protecting your computer, do not click on any link or download any attachment from someone you don't know.  If you receive any suspicious emails, please report these to us.

For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support tab above.

 

Petya/NotPetya Ransomware

On Tuesday 27th June 2017, the Petya ransomware was detected, infecting machines by encrypting files and spreading rapidly across the globe.

Our vendors are already aware of it and detection had been put in place. The first issued protection was released on 27th June at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants. According to our vendors, it is not yet clear how computers became infected with this ransomware for the time being, but it doesn’t seem to be through email as happened with WannaCry. 

Please ensure that systems are installed with the latest updates and have a regular backup routine.

Last updated 28/06/2017 09:05

 

Phishing Email

On Wednesday 28th June 2017, there have been phishing emails sent out with the Subject of Re: invoice 34602786 problem, most likely coming from compromised accounts. This is now being blocked and below is an example on how this email looks like:

Last updated 28/06/2017 11:00

 

Fraudulent schemes

One of the most recent fraudulent schemes in the past couple of months, is where business owners are being duped by scammers into sending them goods or providing services and then not being paid. The scammers then make off with money/goods that had been provided. You may read more about this at the link below and there are some tips on how to detect and guard against fraud.

http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11856348

Last updated 16/05/2017 18:00

 

WannaCry Ransomware used in large scale international attacks

On the 13th of May 2017 there was a large scale Ransomware outbreak which leverages publically known vulnerabilities in Microsoft Windows, patched by Microsoft in March this year (Microsoft Security Bulletin MS17-010). Additionally, Microsoft has released patches for older, unsupported Microsoft operating systems on 13 May 2017. 

For more information please read the advisories:

Last updated 15/05/2017 10:30


Plain text authentication

The changes to plain text have been completed and is now turned off. If you are experiencing issues with emails please update the settings in your email client. You can find the instructions by clicking on the link https://smxemail.com/support/#TLS

Last updated 01/03/2017 11:31

 

Plain text authentication

To our mail hosting customers who are using plain text to authenticate, please kindly note that support for plain text login via POP3 and IMAP will be turned off at the end of February 2017, please update your settings.

The instructions are outlined in the emails we sent out to you. For your convenience, this is where you can find the instructions: https://smxemail.com/support/#TLS

 

SMTP auth accounts

To our customers with SMTP auth accounts i.e. account@relay.smxemail.com, please ensure these have been updated to the new settings you have been provided together with the password, by the end of February 2017.

 

Thank you.

Last updated 28/02/2017 12:11

Past Incidents

 

Smartstore

There is currently an issue with releasing messages from Smartstore . We are working to resolve this as soon as possible

Last updated 07/03/2017 10:42

 

We have seen the following emails being sent from a spoofed email address. See the following image below.

If you have received a similar email please delete it and do not click on any links contained within the email.

 

Kiwibank spoof emails

Updated on 23/11/2016 12:15 and 01/12/2016 08:23


Vodafone spoof email Updated on 26/10/2016 12:23

 

eBay phishing email Updated on 26/10/2016 11:08

 

Dropbox phishing email Updated on 19/10/2016 15:25

 

Microsoft phishing emails:

Did you notice the different senders and/or slight change in the content of these emails? In many cases they look very similar and the variation is hardly noticeable. 

 

Updated on 17/10/2016 10:25

 

Updated on 17/10/2016 10:13

 

Updated on 14/10/2016 11:58

 

Updated on 13/10/2016 15:17

 

------------------------------------------------------------------------------------------------------------------------

Updated 07/10/2016 09:19

We are seeing a new variant of .hta files inside a rar compressed attachment. Please do not open this attachment.

Subject: Scanned image from MX2310U…..

 

------------------------------------------------------------------------------------------------------------------------

Crysis ransomware warning

Please watch out for remote desktop protocol (RDP) attacks which have spread via trojan attacks and links to websites. For more information see https://securitybrief.co.nz/story/trend-micro-warns-nz-australian-firms-about-crysis-ransomware/

There has been reports of Xero phishing emails and involve ransomware that can encrypt files on the host device.

Please do not click on the link contained in the email as it prompts the user to download a dangerous malware. Once the downloaded file is executed, the victims machine will be encrypted.

 


We have been advised of new threats coming in the form of LNK file (Microsoft Shell Link Binary File Format), which contains information that can be used to access another data object. It is commonly known as “shortcuts” that users use as a quick way of opening popular apps or often-used files.

Don’t be tricked into opening a shortcut file from an untrusted source, falsely assuming the LNK must be harmless because it can only point to items already on your system. Reports from our vendors advised that cybercrooks exploit this by invoking a command prompt (using cmd.exe) that creates a JavaScript file and then runs it.

SMX recommend Windows users to set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.

For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.

 

------------------------------------------------------------------------------------------------------------------------

We are getting reports about the latest virus outbreak overnight and this morning with emails containing Macro-enabled Word file (.docm) impersonating the recipient address as the sender. Please be aware when opening up any attachments. Eg:

From: user@domain.com

Subject: Documents from work

To: user@domain.com

 

If you are a SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.


Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).


As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that effective from midday yesterday SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem, however if you do have a need to receive these file types the SMX support team can add an exception to this rule on your behalf.

 

 

If you are interested in the current spam trends in New Zealand, please visit the link below.

http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Email-Scams