Story image

Ezi Office Supplies site compromised in email phishing attack

06 Mar 18

People who receive an email from Ezi Office Supplies should proceed with extreme caution as hackers may have taken over the company’s domain to spread malware.

The invoice email, appearing to be from Ezi Office Supplies, asks recipients to view their bill. Anyone who clicks the link is taken to a zipped file on the genuine Ezi Office Supplies website.

Those who download the file and unzip the file will then be hit with a JavaScript-based malware.

The sender, ‘account@eziofficesupplies.com.au’, also uses the genuine domain name, suggesting that the entire company’s website may have been compromised by hackers.

“On Feb 20 Ezi Office Supplies went on social media to warn their customers that they had been having problems with their email system. A post on the company’s Facebook feed stated 'If you have received an email from us - digitalenquiries please delete as it is a spam. Apologies if received already. Thank you’,” MailGuard explains.

People who receive an email from Ezi Office Supplies should proceed with extreme caution.

MailGuard has also detected a new type of phishing scam designed to mimic a Dropbox notification email.

The zero-day email scam displays the Dropbox logo to seem authentic – a common tactic used by cybercriminals to disguise their phishing attacks, explains Emmanuel Marshall in a MailGuard blog.

This time the message tells recipients that “You Have Received (5) pdf files sent to you via dropbox” and directs them to a link to access their files.

To add further urgency, the email says that the “file Will be deleted on = 5 March, 2018”.  It also uses Dropbox’s genuine PO Box details.

The email appears to originate from a person apparently called Dr()p-B()x!!  with the email address Holli@ccmech.com. The subject line, ‘Scan654464-87555!’ also appears.

According to Marshall, when recipients click the link to access the bogus files, they are taken to fake login pages that look like the real Dropbox website. Attackers then harvest login details.

Login harvesting is popular because attackers can then use the hacked Dropbox accounts to store malicious files. They could also sell the logins to other buyers who could then access genuine Dropbox documents as a means to conduct identity theft.

Telltale signs of email scams, according to MailGuard:

  • Generic greetings, such as ‘dear customer’
  • A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed).
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
NBN Co rolls out 'optimised' wholesale business bundles for ISPs
“We recognise some businesses are on nbn powered plans that have not been optimised for their needs," says Paul Tyler.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
Preparing for the future of work – growing big ideas from small spaces
We’ve all seen it: our offices are changing from the traditional four walls - to no walls. A need to reduce real estate costs is a key driver, as is enabling a more diverse and agile workforce.
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.