Please be vigilant in protecting your computer, do not click on any link or download any attachment from someone you don't know. If you receive any suspicious emails, please report these to us.
For guidance on how to report suspected spam emails etc., visit our FAQ page by clicking on the Support & FAQs tab above.
The WannaMine is the latest ransomeware that is making the rounds, you can read more about this threat in the link below.
Last updated 08/02/18 16:35
We are seeing a number of different emails that pretend to come from Kiwibank, please be vigilant
Last updated 01/02/18 16:44
Malicious emails with the subject line "Re:Money for New Zealand" has been doing the rounds of late. Please be aware of similar emails.
Last updated 23/01/18 11:37
Click on the following link to read about Netflix phishing emails and how to spot them. This can also apply to other phishing emails that you come across.
Last updated 19/01/18 15:05
Click on the link below to help you identify phishing emails if you are unsure of an email that has come through to your inbox.
Last updated 19/01/18 15:00
We are seeing a number of BNZ emails like below which are circulating, please be careful if you receive an email like this below.
Last updated 10/01/18 11:12
Please be aware of Netflix phishing emails that are circulating.
Last updated 24/11/17 9:24
Please be aware of BNZ emails like below which are circulating.
Last updated 10/11/17 9:58
Please be aware of Kiwibank emails like the below, which are circulating.
Last updated 06/11/2017 11:16
There is a new variant of Ransomware which has recently started spreading. Further details on this can be found at:
CERT NZ has information on this outbreak here
We have confirmed with our vendors that this is being detected by them, however please keep an eye out for this in case there are new variants.
Last updated 26/10/2017 9:15
We are seeing emails like the below, where the link appears to point to anz.co.nz but in fact points to another URL. Please be aware of these emails.
Last updated 25/10/2017 10:42
Please be aware of the ANZ phishing emails which are circulating at the moment. Please see the sample email below:
Last updated 25/09/2017 13:33
Please read the following article on the NZ Herald website about a recent spambot dump, you can check if you have been compromised here: https://haveibeenpwned.com/ and if you have, we would highly recommend you to update your password.
An IRD Scam email is doing the rounds. Please do not open the email and do not download or open the attachment contained in the email.
Last updated 25/08/2017 17:50
We have seen a number of new variants of the below email that was sent out initially a few weeks ago. See the sample emails below wherein there may be slight changes to the format, sender, and content including links contained in the mail.
Last updated 28/08/2017 11:00
Last updated 1/08/2017 09:52
There have been phishing emails sent out with the subject of 'Account Reward Statement', most likely coming from compromised accounts. This is now being blocked but for reference, below is an example of what this email looks like:
...And here is an example of the attachment contained in the phishing email. Notice the incorrect spelling throughout.
Last updated 27/07/2017 17:29
There have been phishing emails sent out with the Subject of 'Your Xero invoice available now', most likely coming from compromised accounts. This is now being blocked. For reference, below is an example of what the email looks like:
Last updated 27/07/2017 16:48
On Tuesday 27 June 2017, the Petya ransomware was detected, infecting machines by encrypting files and spreading rapidly across the globe.
Our vendors are already aware of it and detection had been put in place. The first issued protection was released on 27 June at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants. According to our vendors, it is not yet clear how computers became infected with this ransomware for the time being, but it doesn’t seem to be through email as happened with WannaCry.
Please ensure that systems are installed with the latest updates and have a regular backup routine.
Last updated 28/06/2017 09:05
On Wednesday 28 June 2017, there have been phishing emails sent out with the Subject of 'Re: invoice 34602786 problem', most likely coming from compromised accounts. This is now being blocked. Below is an example of what this email looks like:
Last updated 28/06/2017 11:00
One of the most recent fraudulent schemes in the past couple of months is where business owners are being duped by scammers into sending them goods, or providing services and then not being paid. The scammers then make off with money/goods that have been provided. You can read more about this in this New Zealand Herald article - there are some tips on how to detect and guard against fraud.
Last updated 16/05/2017 18:00
On 13 May 2017 there was a large scale Ransomware outbreak, which leverages publicly known vulnerabilities in Microsoft Windows, patched by Microsoft in March this year (Microsoft Security Bulletin MS17-010). Additionally, Microsoft has released patches for older, unsupported Microsoft operating systems on 13 May 2017.
For more information please read the advisories:
Last updated 15/05/2017 10:30
We have been advised of new threats coming in the form of LNK file (Microsoft Shell Link Binary File Format), which contains information that can be used to access another data object. It is commonly known as “shortcuts”, which users use as a quick way of opening popular apps or often-used files.
SMX recommend Windows users to set up their computers to show file extensions. An extension is an integral part of the filename, and affects how Windows treats the file. Suppressing extensions may look a bit neater, but it needlessly hides information that might otherwise give users early warning of a security trick.
For SMX SmartRules customers who use the SMX-maintained System Rules, please note that the LNK file type has been added to the Executable File detection list.
We are getting reports about the latest virus outbreak overnight and this morning with emails containing a Macro-enabled Word file (.docm) impersonating the recipient address as the sender. Please be aware when opening up any attachments. Eg:
Subject: Documents from work
If you are an SMX SmartRules customer utilising our 'block executable attachments' rule, we'd like to inform you of a change we made yesterday, Tuesday 19 July 2016, affecting this rule.
Over the previous few days, SMX has noticed an elevated level of false negative malware submissions from customers that had received an email containing a macro-enabled Microsoft (MS) Word document with the filename extension .docm (DOT DOCM).
As a result of the increased level of submissions, SMX has updated the system list that your 'block executable attachments' SmartRule refers to. This means that effective from midday yesterday SMX will reject emails that contain a .docm attachment. For most customers this shouldn't be a problem, however if you do have a need to receive these file types the SMX support team can add an exception to this rule on your behalf.
If you are interested in the current spam trends in New Zealand, please visit the DIA link below.