Today our admin team received an email from what appeared to be an employee of the University of the Sunshine Coast Titled “Follow-up Invoice” and a bunch of numbers

The invoice has the sender listed as Nathan Gordon, Manager USC Sport with contact numbers email address and other semi-official looking information as shown in the featured image of this post.

The email itself simply says USC Australia, Xxxxxx Xxxxxx sent you a file to review. Xxxxxx said “Review this secured PDF folder and let me know your thought about it”.

The grammatical error “your thought” which should be “your thoughts” was the first warning apart from the fact that USC doesn’t send our organisation invoices.

After some initial link testing of the “VIEW COMPLETED FILE” button we found ourselves on a page (Listed as SAFE by multiple url checkers) seemingly resembling a combination of “OneDrive or Google Docs” style document sharing with a button titled “Review Document” as pictured.

 

The “Review Document” link was where it went WAY south with the domain name being https://www(dot)islamalso(dot)com/secured/doc/%40%40%40/index.php shown as a newly created domain, UNTESTED by URL Test sites we used.

The most simplistic forms of malicious PHP scripts, simply redirect site visitors to a different page, but can do so dynamically meaning that once clicked you can be taken anywhere, more elaborate php scripts can do a whole lot more!

Stay Safe! Please share this info locally to ensure that no one is sucked into this scam!!

SDDCA Management Committee