SMX Service Status

Status page

To be notified of any incident or planned maintenance, you can now go to https://status.smxemail.com/ and subscribe to updates by email and/or text message.

 

Suspicious Emails Alert!

Please be vigilant in protecting your computer: do not click on any link or download any attachment from someone you don't know. If you receive any suspicious emails, please report them to us.

For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support tab above.

BNZ phishing emails.

Please be aware of BNZ emails like below which are circulating.

Last updated 10/11/17 9:58

Kiwibank phishing emails.

Please be aware of Kiwibank emails like below which are circulating.

Last updated 06/11/2017 11:16

Bad Rabbit Ransomware

A new variant of ransomware has recently started spreading. Further details can be found at:

http://www.bbc.com/news/technology-41740768

CERT NZ has information on this outbreak here

We have confirmed with our vendors that they are detecting this; however, please keep an eye out for it in case there are new variants.

Last updated 26/10/2017 9:15

 

New ANZ phishing emails

We are seeing emails like the one below, where the link appears to point to anz.co.nz but in fact points to another URL. Please be aware of these emails.

Last updated 25/10/2017 10:42

 

ANZ phishing emails

Please be aware of the ANZ phishing emails which are circulating at the moment. Please see the sample email below:

Last updated 25/09/2017 13:33

 

Compromised emails

Please have a read over the following article on the NZ Herald website, http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11914665, about a recent spambot dump. You can check whether you have been compromised at https://haveibeenpwned.com/ and, if you have, it is highly recommended that you update your password.

 

IRD Scam Email

An IRD scam email is doing the rounds. Please do not open the email, and do not download or open the attachment contained in it.

Last updated 25/08/2017 17:50

 

Microsoft Phishing Email

We have seen a number of new variants of the below email that was sent out initially a few weeks ago. See the sample emails below wherein there may be slight changes to the format, sender, and content including links contained in the mail.

Last updated 28/08/2017 11:00

 

Last updated 1/08/2017 09:52

 

Westpac Phishing Email

There have been phishing emails sent out with the subject of Account Reward Statement, most likely coming from compromised accounts. This is now being blocked, and below is an example of what this email looks like:

Below is the attachment contained in the phishing email. Notice the incorrect spelling throughout.

Last updated 27/07/2017 17:29

 

Xero Phishing Email

There have been phishing emails sent out with the subject of Your Xero invoice available now, most likely coming from compromised accounts. This is now being blocked, and below is an example of what this email looks like:

Last updated 27/07/2017 16:48

 

Petya/NotPetya Ransomware

On Tuesday 27th June 2017, the Petya ransomware was detected, infecting machines by encrypting files and spreading rapidly across the globe.

Our vendors are already aware of it and detection has been put in place. The first protection was released on 27th June at 13:50 UTC, and they have provided several updates since then to protect against possible future variants. According to our vendors, it is not yet clear how computers became infected with this ransomware, but it doesn't seem to be through email, as happened with WannaCry.

Please ensure that systems have the latest updates installed and that you have a regular backup routine.

Last updated 28/06/2017 09:05

 

Phishing Email

On Wednesday 28th June 2017, phishing emails were sent out with the subject of Re: invoice 34602786 problem, most likely coming from compromised accounts. This is now being blocked, and below is an example of what this email looks like:

Last updated 28/06/2017 11:00

 

Fraudulent schemes

One of the most recent fraudulent schemes, seen over the past couple of months, is where business owners are duped by scammers into sending them goods or providing services and are then not paid. The scammers then make off with the money or goods that were provided. You can read more about this at the link below, which also has some tips on how to detect and guard against fraud.

http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11856348

Last updated 16/05/2017 18:00

 

WannaCry Ransomware used in large scale international attacks

On the 13th of May 2017 there was a large-scale ransomware outbreak which leveraged publicly known vulnerabilities in Microsoft Windows, patched by Microsoft in March this year (Microsoft Security Bulletin MS17-010). Additionally, Microsoft released patches for older, unsupported Microsoft operating systems on 13 May 2017.

For more information please read the advisories:

Last updated 15/05/2017 10:30

 


 

Past Incidents

 

We have been advised of new threats coming in the form of LNK files (Microsoft Shell Link Binary File Format), which contain information that can be used to access another data object. These are commonly known as "shortcuts", which users rely on as a quick way of opening popular apps or often-used files.

Don't be tricked into opening a shortcut file from an untrusted source, falsely assuming the LNK must be harmless because it can only point to items already on your system. Reports from our vendors advise that cybercrooks exploit this by invoking a command prompt (using cmd.exe) that creates a JavaScript file and then runs it.

SMX recommends that Windows users set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.

For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.

 

------------------------------------------------------------------------------------------------------------------------

We are getting reports about the latest virus outbreak, overnight and this morning, with emails that contain a macro-enabled Word file (.docm) and use the recipient's own address as the sender. Please take care when opening any attachments. For example:

From: user@domain.com

Subject: Documents from work

To: user@domain.com

 

If you are a SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.


Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).


As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that, effective from midday yesterday, SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem; however, if you do need to receive these file types, the SMX support team can add an exception to this rule on your behalf.
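
The two attachment notices above (LNK added to the Executable File detection list, and .docm now rejected) both come down to a check on attachment file extensions, and the outbreak sample adds a second signal: a From address equal to the To address. The sketch below is an added example, not SMX's SmartRules implementation; the function names, the two-entry extension list and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Assumption: only the two extensions this page names; a real list is longer.
BLOCKED_EXTENSIONS = {".docm", ".lnk"}

def blocked_attachments(msg):
    """Filenames whose final extension is on the blocked list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # splitext takes the LAST extension, so "invoice.pdf.lnk" is caught
        # even when a client hiding extensions would display "invoice.pdf".
        if name and os.path.splitext(name.strip().lower())[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def sender_is_recipient(msg):
    """True when the From address also appears in To, as in the sample above."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    return bool(sender) and sender in recipients

def evaluate(msg):
    """Reject on a blocked attachment; report self-addressing as a warning only."""
    reasons = []
    names = blocked_attachments(msg)
    if names:
        reasons.append("blocked attachment: " + ", ".join(names))
    if sender_is_recipient(msg):
        reasons.append("From address equals To address")
    return ("reject" if names else "accept", reasons)

def build_sample(filename):
    """Constructed message using the headers shown in the notice above."""
    msg = EmailMessage()
    msg["From"] = "user@domain.com"
    msg["To"] = "user@domain.com"
    msg["Subject"] = "Documents from work"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg
```

Self-addressed mail is kept as a warning rather than a reject reason because people legitimately send files to themselves; the extension match is what drives the verdict.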

 

 

If you are interested in the current spam trends in New Zealand, please visit the link below.

http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Email-Scams