The Australian Competition and Consumer Commission (ACCC) has released its annual Targeting Scams report, as part of Scams Awareness Week.
The report reveals that in 2017 Australians lost $340 million to scammers, a $40 million increase compared to 2016 and the largest reported loss since the ACCC began reporting on scam activity.
Investment scams topped the losses at $64 million, an increase of more than 8 per cent. Dating and romance scams caused the second greatest losses at $42 million.
ACCC Deputy Chair Delia Rickard said, “It’s very worrying that Australians are losing such extraordinary amounts to scammers.”
“Some scams are becoming very sophisticated and hard to spot. Scammers use modern technology like social media to contact and deceive their victims. In the past few years, reports indicate scammers are using aggressive techniques both over the phone and online.”
For example, scammers pretend to be from government agencies or well-known service providers and threaten people with fines, prison time or loss of benefits if they don’t do what the scammer is asking.
Scamwatch received almost 33,000 reports of these threat-based impersonation scams in 2017. Over $4.7 million was reported lost and more than 2,800 people gave their personal information to these scammers.
This Scams Awareness Week, we’re urging people to stop and check ‘Is this for real?’ when they’re contacted by scammers who pretend to be from well-known government organisations or businesses.
How do I protect myself?
When dealing with unexpected contact from government agencies or trusted businesses—whether by phone, email or through social media—always consider the possibility that it may be a scam.
Don’t be pressured by a threatening caller. Hang up, then check whether their story is real. You can verify the identity of the contact through an independent source, such as a phone book or online search. Don’t use the contact details provided by the caller or in the message they sent to you.
What if I’ve been scammed?
If you’ve lost money or given personal information to a scammer, there are steps you can take straight away to limit the damage and protect yourself from further loss:
If you’ve sent money or shared your banking or credit card details, contact your bank immediately. They may be able to stop or reverse a transaction, or close your account.
If you realise you’ve accidently given your personal information to a scammer, visit IDCARE, Australia’s not-for-profit national identity and cyber support service. IDCARE can support you through the process and develop a specific response plan to your situation.
As scammers are often based overseas, it is extremely difficult to track them down or take action against them. So take the time to warn your friends and family about these scams.
Smartphones have revolutionised parenting. Now we can text our kids to check if they’re home from school, finished the movie, or ask them to hang out the washing!
Cybercriminals can also love them just as much as you do!
If a hacker gains access to your phone, they can see your private information, location, email, photos, social media, and bank accounts.
Maybe you have good security setup on your own phone, but what about the other three or four smartphones under your roof? How secure are your kids’ phones and what can you do to plug any security gaps?
Tips to safeguard your family’s smartphones
Question your security and ask how safe is my smartphone?What are the cyber security gaps? Look at everyone’s password strength, social profiles and privacy settings, web browsing security, and app settings.
Use two-factor authentication for your email, social media and bank accounts.
Make your passwords hard to guess. The longer your password, the stronger it is! Use a password that is made up of at least four words, including at least 12 letters. For example ‘horsecupstarshoe’. Make it easy for you to remember.
Don’t trust online apps. Where you download apps from and how you use them plays a critical role in keeping your mobile phone secure. Malicious apps will try to steal personal information from your phone and could expose your device and data to malware. Only install apps from official stores such as Apple’s App Store or Google Play for Android phones or tablets. To change the access an app has to your information, go to your settings. On Android: Go to Apps and Notifications, choose App Permissions and make changes. On iOS: Go to your settings, select Privacy, and make changes to app permissions accordingly.
Track your phone. Make sure your device is password and fingerprint protected in case you lose it. Take a few minutes to enable phone tracking. For Android, download the app Find My Device and for Apple use Find My iPhone.
Bank and shop via your smartphone with care! Log out and lock accounts when you’re not using them and avoid using auto-login features. Think about using a password manager app that forces you to re-enter a master password each time you want to access an account. Disable keychain and auto-fill in your browser; go to Settings and turn each option to OFF. Also, avoid using public Wi-Fi to access sensitive accounts.
Turn off Bluetooth. Make sure to switch Bluetooth off if you’re not using it. When it’s on, it’s constantly looking for open connections. Hackers work quickly through open Bluetooth connections, and often victims don’t even know there’s been a breach.
Keep your anti-virus and operating software up-to-date, and make sure you have all your information safely backed up.
Always question any calls, texts or emails you get asking for your details. These messages may look like they come from a real organisation, but they might contain links to a fake website that asks you to enter your credit card details.
As a precaution, Twitter is urging more than 330 million users to change their password after a glitch left log-in details exposed in the company’s internal computer system.
When you set a password for your account, Twitter uses technology that masks it, so no one can see your password.
The company recently identified a bug that stored unmasked passwords in an internal log. Twitter found this error itself, removed the passwords and is now looking at how it can prevent this from happening again.
Twitter has advised it has fixed the bug, and has no reason to believe the passwords left Twitter’s systems or were misused by anyone.
Does it affect me?
If you have a Twitter account we recommend you change your password on that account, and on all accounts where you’ve used the same password. You can change your Twitter password anytime by going to the password settings page.
How do I stay safe?
There are a few simple steps you can take to help keep your account safe:
Change your password on Twitter and on any other accounts where you may have used the same password.
Use a strong password and don’t reuse the same password on other websites.
Use two-factor authentication so your account is protected by a second layer of security.
Use a password manager to keep stock of all your passwords and login details.
Just like urban myths, cyber myths exist that sound so real they could also be true.
Believing these myths may expose you to cybercriminals.
Myth #1: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls* are important for protecting your information. However, neither is guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
*Most operating systems include a built-in firewall feature that you should turn on.
Myth #2: I never have to update the software installed on my computer.
Truth: Software companies release updated versions of their software to address problems or fix weaknesses. Hackers and malicious programs or viruses can find weaknesses and will exploit that software to access your computer, smartphone or tablet. To keep your device secure, you should install any software update as soon as possible. Some software even offers the option for automatic updates.
Myth #3: I have nothing important on my computer, so I won’t be hacked.
Truth: Your opinion about what is important might be different to a criminal’s idea. If you have personal or financial data on your computer, hackers can collect it and use it for their own financial gain. Even if you don’t store that kind of information on your computer, a hacker may be able to gain control of your computer and use your data in attacks against other people.
Myth #4: Cybercriminals only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort and if your information happens to be in a compromised database, it could be collected and used for malicious purposes. It is important to only share your personal details with people and organisations you trust.
Myth #5: A strong password will solve all my security issues.
Truth: Strong passwords are the first line of defence to protect your information from cybercriminals, but they can still be compromised. You should support your strong password with other measures such as two-factor authentication. If strong passwords are too complicated to remember, you can install a password manager on your computer, smartphone or tablet. It will generate and remember secure passwords for you and some password managers will sync across your devices.
Remember: Be diligent about protecting yourself online, so you don’t become the victim of a cyberattack.
Numerous small businesses feel helpless in the face of cyber security threats or don’t consider that they are at risk at all.
Making cyber security a priority for your business is important to protect your livelihood. Many small businesses find it hard to recover after a cyber security incident and are often left devastated. A few simple steps can make a huge difference and protect your business into the future.
Good cyber security doesn’t happen by accident. It’s important to be intentional and consistent in your approach. Here are some simple things you can do:
Ensure you have antivirus software.
Always install security updates.
Develop a policy about the use of personal devices on your network, and make sure you and your staff understand the associated risks.
Set a back-up schedule to regularly back up all your data.
Use strong passwords on all your accounts and encourage your staff to do the same.
Don’t assume your staff are cyber safe.Work with them to help them practice safe online behavior while at work. Here’s what you can do:
Educate your staff on click safety, how to identify scams and appropriate care and storage of customer information.
Discuss current risks, such as scams and ransomware and how you can stay safe.
Have an incident response plan – what will you do if you experience an incident?
Staying aware of cyber security issues and risks is a great way to protect your business.
Practice safe browsing habits and be on the lookout for malicious links and scams.
Making cyber security a priority for your small business is easy, and taking a few simple steps will make you feel more comfortable, knowing your business is safer!
The Australian Government has issued a media release identifying Russia as responsible for targeting commercially available routers around the world in 2017.
While Australian organisations were affected by this targeting, there is no indication that Australian information was compromised. Businesses are reminded to be vigilant and take all steps to keep your information safe.
Small businesses can keep their information safe by:
Using a firewall to keep out unwanted connections and review the firewall logs for unusual activity on your network. For example, you may notice something that suggests an intrusion.
Restricting access to the minimum services and functions necessary for staff to carry out their role.
Using strong authentication that requires both a password and a token-based or two-factor authentication.
Deleting remote access privileges for staff once they are not needed. For example, do not let someone who has left the company retain access to your network.
Using Virtual Private Network (VPN) software to provide a high level of encryption for access to your network remotely.
If you allow staff to connect to your business network using personal equipment, including home computers and mobile phones, ensure they have installed the latest software updates, have up-to-date security software and have received security awareness training.
There have been reports of a current increment in email scams containing malware, which can take control of your PC or hack your data.
The emails contain a link which, if clicked on, downloads and installs a Remote Access Trojan (RAT) on your device. Hackers use these RATs as an invisible backdoor to access the data on your computer. They can steal your confidential information, hold your computer to ransom or install other programs without your knowledge.
Does it affect me?
Thousands of these emails have been sent out to individuals and businesses across Australia. They are coming from a variety of sources, which means many are not being detected by internet service providers’ email filters or customer anti-malware programs.
The cyber criminals are using a common tactic to try to make the email look legitimate by slightly altering a real domain name. For example some emails are being sent from firstname.lastname@example.org. Note that the there is an ‘l’ in the domain rather than a lower case ‘i’.
How do I stay safe?
Don’t open emails if you don’t know the sender.
Be suspicious of emails that aren’t addressed directly to you, or don’t use your correct name.
Don’t reply to, or forward chain letters you receive by email.
Think carefully before clicking on any links or opening any attachments in emails.
If you are unsure, contact the person or business separately to check if they are likely to have sent the message.
Make sure you have up-to-date anti-virus software installed on any device used to access the internet
Businesses: provide security awareness training for your staff and teach them how to protect your business from suspicious and malicious messages.
We love to share our lives with our friends near and far, however a few people share an excessive amount of information online.
Numerous individuals realize that private data is private, however at times neglecting to thoroughly consider that an social media post can leave you exposed.
You need to always stop and consider what may occur before you send pictures or personal details out into cyber space!
Five things you should never share on social media
Pictures of your new credit card or other financial information. Sometimes in the excitement of receiving a new card, people post a photo of it to social media. Even with the highest privacy settings, it’s not safe to post pictures or information that shows your financial details.
Identity cards or documents. Driver licences are regularly seen on social media, especially when people pass their driving tests. While this is definitely a photo and #hashtag moment, sharing any kind of identification online exposes you to identity fraudsters.
Tickets. Plane tickets continue to be a very popular social media post. But beware! They contain a lot of information, including sequence numbers that cybercriminals can use to decode personal information about you, and then access your bank account and financial information. If you share your holiday plans, you’ve also potentially just told -the criminals when no-one will be home. Same goes for tickets to music and sporting events.
Pay slips. Everyone loves to get a pay rise, but if you post your pay slip to prove it, you’ve just possibly advertised your personal and bank details to cybercriminals. It’s private information—social media doesn’t need to see it!
Inappropriate behaviour, comments, images and video. Inappropriate comments, as well as complaints or criticisms can land you in hot water. So don’t air your grievances on your social media channels. In addition, don’t share intimate or offensive images of anyone without their consent.
Guess what would happen if your PC unexpectedly crushed or was hit by malware, and you lost all your important photos, accounts, home videos, documents and emails?
World Backup Day is all about regularly backing up your important files and data so you have a spare copy stored somewhere safe. It’s really quick and simple to do.
What is Backup?
A backup is a second copy of all your important files — for example, your family photos, home videos, documents and emails.
Instead of storing it all in one place (like your computer), you keep another copy of everything somewhere safe.
What are the options?
So how do you go about backing up your files? It’s easy: you can use external hard drives, an online service—often referred to as cloud backup—or a combination of both.
You can backup mobile devices like smartwatches, tablets and smartphones to your computer.
Remember: Making any kind of backup reduces your risk of losing your data.
External hard drives
External hard drives protect your data on a physical device that’s separate to your computer.
Physically disconnecting your external hard drive from your computer when it’s not in use helps keep your data safe, both from online attackers and power surges.
You can set external hard drives to back up automatically, and they will run regular backups on an hourly, daily or weekly basis. Using multiple external hard drives will help to ensure you always have at least one that is not connected to your computer at all times.
How you backup your digital content on a hard drive depends on your operating system:
Apple: connect the external drive, launch Time Machine and click the ‘Backup Now’ button.
Windows 10: Go to ‘Settings, Update & Security’, select ‘Backup’ and ‘Add a drive’. Once set up, Windows 10 will back up everything in your user folder, every hour.
Online or cloud backups let you store your data online so you can access it at any time from any internet connected device.
Online backups are great if you don’t want to have to think about backing up your files; once set up, almost all online solutions automatically backup and protect all of your computer’s files.
Online backups also mean your data is stored away from your home or office, so if you get hit by a natural disaster or theft, your data is safe.
In general, getting started with an online backup service looks like this:
buy an online backup plan
install the provided software on your computer
tell the software what drives, folders, and/or files you want to keep backed up.
The private information of a considerable number of Facebook users over the globe has perhaps been used to generate political advertising.
Political research firm Cambridge Analytica has been reprimanded for mining the data of 50 million Facebook users to construct political publicizing in the midst of the 2016 US election campaign.
The Australian Privacy Commissioner is examining whether any personal information of Australians has been secured and whether advance regulatory action is required.
Does it affect me?
When you sign up to social media platforms you agree to the privacy policies of each individual site.
Privacy policies govern how your personal information can be used — some social media organisations may share your information, such as email addresses or user preferences, with third party businesses.
How do I stay safe?
It is very important that you take the time to read the privacy policies of each social media platform before you sign up.
Privacy policies can also change so it’s a good idea to regularly review the policy and check how much information you reveal in your profile.