SMX Service Status

No current issues

Last updated 05/01/2017 12:30


Suspicious Emails Alert!

These are the most common and recent suspicious emails going around. If you receive any of these emails,  do not click the link in the email. Please continue to report these to us.

For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support tab above.

Kiwibank spoof emails

Updated on 23/11/2016 12:15 and 01/12/2016 08:23




Past Incidents

Vodafone spoof email Updated on 26/10/2016 12:23


eBay phishing email Updated on 26/10/2016 11:08


Dropbox phishing email Updated on 19/10/2016 15:25


Microsoft phishing emails:

Did you notice the different senders and/or slight change in the content of these emails? In many cases they look very similar and the variation is hardly noticeable. 


Updated on 17/10/2016 10:25


Updated on 17/10/2016 10:13


Updated on 14/10/2016 11:58


Updated on 13/10/2016 15:17



Updated 07/10/2016 09:19

We are seeing a new variant of .hta files inside a rar compressed attachment. Please do not open this attachment.

Subject: Scanned image from MX2310U…..



Crysis ransomware warning

Please watch out for remote desktop protocol (RDP) attacks which have spread via trojan attacks and links to websites. For more information see

There has been reports of Xero phishing emails and involve ransomware that can encrypt files on the host device.

Please do not click on the link contained in the email as it prompts the user to download a dangerous malware. Once the downloaded file is executed, the victims machine will be encrypted.


We have been advised of new threats coming in the form of LNK file (Microsoft Shell Link Binary File Format), which contains information that can be used to access another data object. It is commonly known as “shortcuts” that users use as a quick way of opening popular apps or often-used files.

Don’t be tricked into opening a shortcut file from an untrusted source, falsely assuming the LNK must be harmless because it can only point to items already on your system. Reports from our vendors advised that cybercrooks exploit this by invoking a command prompt (using cmd.exe) that creates a JavaScript file and then runs it.

SMX recommend Windows users to set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.

For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.



We are getting reports about the latest virus outbreak overnight and this morning with emails containing Macro-enabled Word file (.docm) impersonating the recipient address as the sender. Please be aware when opening up any attachments. Eg:


Subject: Documents from work



If you are a SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.

Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).

As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that effective from midday yesterday SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem, however if you do have a need to receive these file types the SMX support team can add an exception to this rule on your behalf.



If you are interested in the current spam trends in New Zealand, please visit the link below.