SMX Service Status
To be notified of any incident or planned maintenance, you can now go to https://status.smxemail.com/ and subscribe to updates by email and/or text message.
Suspicious Emails Alert!
Please be vigilant in protecting your computer, do not click on any link or download any attachment from someone you don't know. If you receive any suspicious emails, please report these to us.
For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support tab above.
Please have a read over the following article on the NZ Herald website http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11914665 about a recent spambot dump, you can check if you have been compromised at https://haveibeenpwned.com/ and if you have then it would highly recommended to update your password.
IRD Scam Email
An IRD Scam email is doing the rounds, please do not open the email and do not download or open the attachment contained in the email.
Last updated 25/08/2017 17:50
Microsoft Phishing Email
We have seen a number of new variants of the below email that was sent out initially a few weeks ago. See the sample emails below wherein there may be slight changes to the format, sender, and content including links contained in the mail.
Last updated 28/08/2017 11:00
Last updated 1/08/2017 09:52
Westpac Phishing Email
There have been phishing emails sent out with the subject of Account Reward Statement, most likely coming from compromised accounts. This is now being blocked and below is an example on how this email looks like:
Below is the attachment contained in the phishing email, notice the incorrect spelling throughout.
Last updated 27/07/2017 17:29
Xero Phishing Email
There have been phishing emails sent out with the Subject of Your Xero invoice available now, most likely coming from compromised accounts. This is now being blocked and below is an example on how this email looks like:
Last updated 27/07/2017 16:48
On Tuesday 27th June 2017, the Petya ransomware was detected, infecting machines by encrypting files and spreading rapidly across the globe.
Our vendors are already aware of it and detection had been put in place. The first issued protection was released on 27th June at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants. According to our vendors, it is not yet clear how computers became infected with this ransomware for the time being, but it doesn’t seem to be through email as happened with WannaCry.
Please ensure that systems are installed with the latest updates and have a regular backup routine.
Last updated 28/06/2017 09:05
On Wednesday 28th June 2017, there have been phishing emails sent out with the Subject of Re: invoice 34602786 problem, most likely coming from compromised accounts. This is now being blocked and below is an example on how this email looks like:
Last updated 28/06/2017 11:00
One of the most recent fraudulent schemes in the past couple of months, is where business owners are being duped by scammers into sending them goods or providing services and then not being paid. The scammers then make off with money/goods that had been provided. You may read more about this at the link below and there are some tips on how to detect and guard against fraud.
Last updated 16/05/2017 18:00
WannaCry Ransomware used in large scale international attacks
On the 13th of May 2017 there was a large scale Ransomware outbreak which leverages publically known vulnerabilities in Microsoft Windows, patched by Microsoft in March this year (Microsoft Security Bulletin MS17-010). Additionally, Microsoft has released patches for older, unsupported Microsoft operating systems on 13 May 2017.
For more information please read the advisories:
- Australia: https://www.acsc.gov.au/news.html
- New Zealand: https://www.cert.govt.nz/it-specialists/advisories/advisory/alert-wannacry-ransomware-used-in-large-scale-international-attacks
Last updated 15/05/2017 10:30
We have been advised of new threats coming in the form of LNK file (Microsoft Shell Link Binary File Format), which contains information that can be used to access another data object. It is commonly known as “shortcuts” that users use as a quick way of opening popular apps or often-used files.
SMX recommend Windows users to set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.
For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.
We are getting reports about the latest virus outbreak overnight and this morning with emails containing Macro-enabled Word file (.docm) impersonating the recipient address as the sender. Please be aware when opening up any attachments. Eg:
Subject: Documents from work
If you are a SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.
Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).
As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that effective from midday yesterday SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem, however if you do have a need to receive these file types the SMX support team can add an exception to this rule on your behalf.
If you are interested in the current spam trends in New Zealand, please visit the link below.