Fake Emails

Some fake emails saying that your password has been changed or compromised are quite common.

These scams normally convince the email user that someone has managed to change their password

They then click the link to reset your password which takes you to a site that looks very legitimate. However, it’s a malicious site that will record your username and password.

Once the hacker has gotten the password you have entered, they login into your webmail and send emails to your customers, suppliers etc.

They’ll tell individuals for example, that there are new bank details they need to update (which will be hackers own bank account) and tell them to transfer funds across.

Some of these scammers will even set up mail rules to hide emails from you to make sure you are oblivious of any changes they are making on your behalf.

The easiest way to check if it’s a phishing email is to check the from address. It normally won’t be a normal looking email address.

If you still are unsure, forward the email to Warringah IT.

Recent example of the scam:

Couples Dream Turns to Nightmare as Hackers Steal Funds Meant to Settle their New Home


You will see in the article:

On June 18, a hacker compromised PEXA by getting into their conveyancer’s email account, pressing the ‘forgot password’ button, intercepting the email to create a new password, logging in, and creating a new user.

This resulted in the hacker gaining access to the PEXA account, and transferring a $250,000 deposit for a home to their own account.

[SPAM] Spam Sent to Me by Me?

It can be concerning when you have been receiving spam email sent by yourself. Especially if they have your password (or close to) and threaten with publishing personal information unless you pay them.

Most of the time however, a hacker has faked the sender address to be yours. What about the password? Typically they’ve used a password published in a system wide hack on a website you use – for example in 2017 LinkedIn was hacked and all the user information was leaked for anyone to look at.

This website will show you where your password was stolen from: https://haveibeen pwned.com/

The best course of action if the password is correct or close is to change your email password and disregard the email. If they do have your password or guess it correctly, they can gain access to your email and send malicious emails to others very quickly.

Example of one of these spam emails:


As you may have noticed, I sent you an email from your account.

This means that I have full access to your account: On moment of hack your account has password: password123

You say: this is the old password!

Or: I will change my password at any time!

Yes! You’re right!

But the fact is that when you change the password, my trojan always saves a new one!

I’ve been watching you for a few months now.

The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.

Trojan Virus gives me full access and control over a computer or other device.

This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?

Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.

With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $783 to my bitcoin address.

After receiving the payment, I will delete the video and you will never hear me again.

I give you 48 hours to pay.

I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.

I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best wishes!

Mail Protection Features

Warringah IT’s Mail Protection ensures the optimal filtering of unwanted or harmful messages

Mail Protection adds an extra layer of filtering to your email addresses to ensure any spam or harmful mail does not reach your inbox.

Mail Protection helps protect businesses from spam, viruses, phishing, malware, ransomware, and other email-borne threats, all at an affordable price.

Mail Protection includes features such as:

  • Robust email antivirus and anti-spam protection powered by a continuously updated threat database
  • 24/7 built-in email continuity
  • Compatible with any kind of email service
  • Additional security layer for Office 365
  • Affordable pricing

How Mail Protection works

  1. Email is set to first deliver to the Mail Protection system
  2. Harmful emails are quarantined in the Mail Protection system and legitimate emails are passed through to your mail server and delivered into your inbox
  3. You receive a daily digest (report) of harmful emails that have been quarantined, which allows you to identify emails incorrectly quarantined and release them into your inbox

You can further refine the Protection system by using simple whitelists and blacklists that you can setup in the web portal.

Below is a screenshot of the Mail Protection user portal. This is where you would release emails and whitelist/blacklist users.

[SPAM] Xero Subscription Notifications

Numerous customers have been receiving fake Xero Billing Notification emails similar to our post last month.

The email this time has a subject of ‘Your latest Xero subscription invoice’ and is being sent from a wide range of individual and business email addresses. The invoice numbers used may vary in an attempt to make the invoice more convincing.

Please be aware that these emails were not sent by Xero.

If you have received this email, do not click on the link to view your bill. The link in this phishing email will redirect you to a malicious website.

You can find a regularly updated list of known fake Xero emails published by Xero here.


Dear Customer

Here’s your latest Xero subscription invoice. The amount will be debited from your credit card on or after 27 Feb 2019.

View your bill online: INV-8232842

You may notice that your subscription invoice amount changed recently. This is likely to be due to the recent price changes, which are outlined in our blog.

If you have any queries about your invoice amount, please see the support article at Xero Central.

The Xero Billing Team