Suspicious Emails Alert! The email threat landscape is constantly changing and new threats and scams emerge constantly. SMX will keep you up-to-date on suspicious email security threats, alerts, news and trends on this page, so that you know what to look out for. 

Please be vigilant in protecting your computer, do not click on any link or download any attachment from someone you don't know. If you receive any suspicious emails, please report these to us.

  • Computer Emergency Response Team (CERTNZ)
  • New Zealand National Cyber Security Centre (NCSC)
  • Australian Cyber Security Centre (ACSC)

For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support & FAQs tab above.


WannaMine ransomware

The WannaMine is the latest ransomeware that is making the rounds, you can read more about this threat in the link below.

https://nakedsecurity.sophos.com/2018/01/31/what-are-wannamine-attacks-and-how-do-i-avoid-them/

Last updated 08/02/18 16:35


 

Kiwibank spam

We are seeing a number of different emails that pretend to come from Kiwibank, please be vigilant

Screenshot from 2018 02 01 16 42 40

Last updated 01/02/18 16:44

 


 

Money spam emails.

Malicious emails with the subject line "Re:Money for New Zealand" has been doing the rounds of late. Please be aware of similar emails.

 spamtrends

Last updated 23/01/18 11:37


Netflix Phishing Campaigns

Click on the following link to read about Netflix phishing emails and how to spot them. This can also apply to other phishing emails that you come across.

https://nakedsecurity.sophos.com/2018/01/15/netflix-phishing-campaign-goes-after-your-login-credit-card-mugshot-and-id/

Last updated 19/01/18 15:05


Phishing Flow Chart

Click on the link below to help you identify phishing emails if you are unsure of an email that has come through to your inbox.

https://www.thiel.edu/assets/documents/offices/information-technology/Phishy_Flowchart.pdf

Last updated 19/01/18 15:00


 BNZ phishing emails

We are seeing a number of BNZ emails like below which are circulating, please be careful if you receive an email like this below.

bnz

Last updated 10/01/18 11:12


Netflix phishing emails

Please be aware of Netflix phishing emails that are circulating.

smx alert Netflix phishing email new 600

Last updated 24/11/17 9:24


BNZ phishing emails

Please be aware of BNZ emails like below which are circulating.

smx alert BNZ phishing email new 600

Last updated 10/11/17 9:58


Kiwibank phishing emails

Please be aware of Kiwibank emails like the below, which are circulating.

smx alert kiwibank phishing email 600a

Last updated 06/11/2017 11:16


Bad Rabbit Ransomware

There is a new variant of Ransomware which has recently started spreading. Further details on this can be found at:

http://www.bbc.com/news/technology-41740768

CERT NZ has information on this outbreak here

We have confirmed with our vendors that this is being detected by them, however please keep an eye out for this in case there are new variants.

Last updated 26/10/2017 9:15


New ANZ phishing emails

We are seeing emails like the below, where the link appears to point to anz.co.nz but in fact points to another URL. Please be aware of these emails.

smx alert asb with anz link phishing email 600

Last updated 25/10/2017 10:42


ANZ phishing emails

Please be aware of the ANZ phishing emails which are circulating at the moment. Please see the sample email below:

smx alert anz phishing email 0917 1 600

Last updated 25/09/2017 13:33


Compromised emails

Please read the following article on the NZ Herald website about a recent spambot dump, you can check if you have been compromised here: https://haveibeenpwned.com/ and if you have, we would highly recommend you to update your password.


IRD Scam Email

An IRD Scam email is doing the rounds. Please do not open the email and do not download or open the attachment contained in the email.

smx alert ird scam email 250817 1 600a

Last updated 25/08/2017 17:50


Microsoft Phishing Email

We have seen a number of new variants of the below email that was sent out initially a few weeks ago. See the sample emails below wherein there may be slight changes to the format, sender, and content including links contained in the mail.

smx alert microsoft phishing email 280817 FN3 600a

Last updated 28/08/2017 11:00

smx alert microsoft phishing email 010817 FN2 600b

Last updated 1/08/2017 09:52


Westpac Phishing Email

There have been phishing emails sent out with the subject of 'Account Reward Statement', most likely coming from compromised accounts. This is now being blocked but for reference, below is an example of what this email looks like:

smx alert westpac phishing email 270717 1

...And here is an example of the attachment contained in the phishing email. Notice the incorrect spelling throughout.

smx alert westpac phishing email attachment 270717 2

Last updated 27/07/2017 17:29


Xero Phishing Email

There have been phishing emails sent out with the Subject of 'Your Xero invoice available now', most likely coming from compromised accounts. This is now being blocked. For reference, below is an example of what the email looks like:

smx alert Xero phishing email 270717 600

Last updated 27/07/2017 16:48


Petya/NotPetya Ransomware

On Tuesday 27 June 2017, the Petya ransomware was detected, infecting machines by encrypting files and spreading rapidly across the globe.

Our vendors are already aware of it and detection had been put in place. The first issued protection was released on 27 June at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants. According to our vendors, it is not yet clear how computers became infected with this ransomware for the time being, but it doesn’t seem to be through email as happened with WannaCry. 

Please ensure that systems are installed with the latest updates and have a regular backup routine.

Last updated 28/06/2017 09:05


Phishing Email

On Wednesday 28 June 2017, there have been phishing emails sent out with the Subject of 'Re: invoice 34602786 problem', most likely coming from compromised accounts. This is now being blocked. Below is an example of what this email looks like:

smx alert grandrealty phishing email 280617 1 600

Last updated 28/06/2017 11:00


Fraudulent schemes

One of the most recent fraudulent schemes in the past couple of months is where business owners are being duped by scammers into sending them goods, or providing services and then not being paid. The scammers then make off with money/goods that have been provided. You can read more about this in this New Zealand Herald article - there are some tips on how to detect and guard against fraud.

Last updated 16/05/2017 18:00


WannaCry Ransomware used in large scale international attacks

On 13 May 2017 there was a large scale Ransomware outbreak, which leverages publicly known vulnerabilities in Microsoft Windows, patched by Microsoft in March this year (Microsoft Security Bulletin MS17-010). Additionally, Microsoft has released patches for older, unsupported Microsoft operating systems on 13 May 2017. 

For more information please read the advisories:

Last updated 15/05/2017 10:30


Past Incidents

We have been advised of new threats coming in the form of LNK file (Microsoft Shell Link Binary File Format), which contains information that can be used to access another data object. It is commonly known as “shortcuts”, which users use as a quick way of opening popular apps or often-used files.

Don’t be tricked into opening a shortcut file from an untrusted source, falsely assuming the LNK must be harmless because it can only point to items already on your system. Reports from our vendors advised that cybercrooks exploit this by invoking a command prompt (using cmd.exe) that creates a JavaScript file and then runs it.

SMX recommend Windows users to set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.

For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.


We are getting reports about the latest virus outbreak overnight and this morning with emails containing a Macro-enabled Word file (.docm) impersonating the recipient address as the sender. Please be aware when opening up any attachments. Eg:

From: user@domain.com

Subject: Documents from work

To: user@domain.com


If you are an SMX SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.

Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).

As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that effective from midday yesterday SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem, however if you do have a need to receive these file types the SMX support team can add an exception to this rule on your behalf.


Spam trends

If you are interested in the current spam trends in New Zealand, please visit the DIA link below.

http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Email-Scams

×
Want to keep up with the latest SMX news? Click here to sign up to the newsletter