There have been reports of a recent increase in email scams containing malware, which can take control of your PC or compromise your data.
The emails contain a link which, if clicked on, downloads and installs a Remote Access Trojan (RAT) on your device. Hackers use these RATs as an invisible backdoor to access the data on your computer. They can steal your confidential information, hold your computer to ransom or install other programs without your knowledge.
Does it affect me?
Thousands of these emails have been sent out to individuals and businesses across Australia. They are coming from a variety of sources, which means many are not being detected by internet service providers’ email filters or customer anti-malware programs.
The cyber criminals are using a common tactic to try to make the email look legitimate by slightly altering a real domain name. For example, some emails are being sent from email@example.com. Note that there is an ‘l’ in the domain rather than a lower case ‘i’.
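A mail filter can catch this kind of altered domain by comparing each sender domain against the domains an organisation actually deals with. The sketch below is an added example, not part of the original advisory; the trusted domains, the confusable-character map and the sample addresses are all constructed for illustration.

```python
# Added example: TRUSTED and every address used here are constructed.
TRUSTED = ("mailservice.example", "bank.example")

# Small constructed map of characters that are easy to mistake for another.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so visually similar domains compare equal."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'unknown', or a description of the imitated domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in TRUSTED:
        return "trusted"
    for real in TRUSTED:
        if skeleton(domain) == skeleton(real):
            return f"lookalike of {real} (confusable characters)"
        if edit_distance(domain, real) == 1:
            return f"lookalike of {real} (one character off)"
    return "unknown"


if __name__ == "__main__":
    for sender in ("billing@mailservice.example", "billing@mallservice.example",
                   "alerts@banck.example", "friend@personal.example"):
        print(sender, "->", classify_sender(sender))
```

A sender classified as a lookalike is worth quarantining or tagging for the recipient, since an exact match is the only result that should be treated as the real organisation.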
How do I stay safe?
Don’t open emails if you don’t know the sender.
Be suspicious of emails that aren’t addressed directly to you, or don’t use your correct name.
Don’t reply to, or forward chain letters you receive by email.
Think carefully before clicking on any links or opening any attachments in emails.
If you are unsure, contact the person or business separately to check if they are likely to have sent the message.
Make sure you have up-to-date anti-virus software installed on any device used to access the internet.
Businesses: provide security awareness training for your staff and teach them how to protect your business from suspicious and malicious messages.
We love to share our lives with our friends near and far, but a few people share an excessive amount of information online.
Many people realise that private data is private, but sometimes neglect to consider that a social media post can leave them exposed.
Always stop and consider what may happen before you send pictures or personal details out into cyberspace!
Five things you should never share on social media
Pictures of your new credit card or other financial information. Sometimes in the excitement of receiving a new card, people post a photo of it to social media. Even with the highest privacy settings, it’s not safe to post pictures or information that shows your financial details.
Identity cards or documents. Driver licences are regularly seen on social media, especially when people pass their driving tests. While this is definitely a photo and #hashtag moment, sharing any kind of identification online exposes you to identity fraudsters.
Tickets. Plane tickets continue to be a very popular social media post. But beware! They contain a lot of information, including sequence numbers that cybercriminals can use to decode personal information about you, and then access your bank account and financial information. If you share your holiday plans, you’ve also potentially just told the criminals when no-one will be home. Same goes for tickets to music and sporting events.
Pay slips. Everyone loves to get a pay rise, but if you post your pay slip to prove it, you’ve just possibly advertised your personal and bank details to cybercriminals. It’s private information—social media doesn’t need to see it!
Inappropriate behaviour, comments, images and video. Inappropriate comments, as well as complaints or criticisms can land you in hot water. So don’t air your grievances on your social media channels. In addition, don’t share intimate or offensive images of anyone without their consent.
What would happen if your PC unexpectedly crashed or was hit by malware, and you lost all your important photos, accounts, home videos, documents and emails?
World Backup Day is all about regularly backing up your important files and data so you have a spare copy stored somewhere safe. It’s really quick and simple to do.
What is Backup?
A backup is a second copy of all your important files — for example, your family photos, home videos, documents and emails.
Instead of storing it all in one place (like your computer), you keep another copy of everything somewhere safe.
What are the options?
So how do you go about backing up your files? It’s easy: you can use external hard drives, an online service—often referred to as cloud backup—or a combination of both.
You can back up mobile devices like smartwatches, tablets and smartphones to your computer.
Remember: Making any kind of backup reduces your risk of losing your data.
External hard drives
External hard drives protect your data on a physical device that’s separate to your computer.
Physically disconnecting your external hard drive from your computer when it’s not in use helps keep your data safe, both from online attackers and power surges.
You can set external hard drives to back up automatically, and they will run regular backups on an hourly, daily or weekly basis. Using multiple external hard drives helps to ensure that at least one of them is always disconnected from your computer.
How you back up your digital content on a hard drive depends on your operating system:
Apple: connect the external drive, launch Time Machine and click the ‘Backup Now’ button.
Windows 10: Go to ‘Settings, Update & Security’, select ‘Backup’ and ‘Add a drive’. Once set up, Windows 10 will back up everything in your user folder, every hour.
Online or cloud backups let you store your data online so you can access it at any time from any internet connected device.
Online backups are great if you don’t want to have to think about backing up your files; once set up, almost all online solutions automatically back up and protect all of your computer’s files.
Online backups also mean your data is stored away from your home or office, so if you get hit by a natural disaster or theft, your data is safe.
In general, getting started with an online backup service looks like this:
buy an online backup plan
install the provided software on your computer
tell the software what drives, folders, and/or files you want to keep backed up.
The private information of a considerable number of Facebook users around the globe may have been used to generate political advertising.
Political research firm Cambridge Analytica has been reprimanded for mining the data of 50 million Facebook users to build political advertising during the 2016 US election campaign.
The Australian Privacy Commissioner is examining whether any personal information of Australians has been obtained and whether further regulatory action is required.
Does it affect me?
When you sign up to social media platforms you agree to the privacy policies of each individual site.
Privacy policies govern how your personal information can be used — some social media organisations may share your information, such as email addresses or user preferences, with third party businesses.
How do I stay safe?
It is very important that you take the time to read the privacy policies of each social media platform before you sign up.
Privacy policies can also change so it’s a good idea to regularly review the policy and check how much information you reveal in your profile.
The Australian Taxation Office is warning people to beware of scammers impersonating the ATO and demanding Bitcoin or other cryptocurrency as a form of payment for fake tax debts.
The ATO has seen over $50,000 paid in Bitcoin to scammers claiming fake ATO tax debts so far.
Does it affect me?
Anyone can be the target of this scam.
If you have received an unexpected email or threatening phone call that claims to be from the ATO and demands payment via Bitcoin or cryptocurrency, iTunes cards, or pre-paid Visa gift cards, don’t make the payment.
How do I stay safe?
Keep your personal information such as your Tax File Number and birth certificate secure and safe. Don’t carry them around in a wallet or handbag, or keep them saved on a phone.
Be suspicious of any unexpected emails or threatening phone calls that claim to be from the ATO.
Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more.
How would you feel if your personal details were accidentally released and went public?
Sometimes personal information is released publicly by accident or as a result of poor security. For example, computer systems can be hacked and personal information stolen.
The new privacy rules aim to better protect your personal information, by making organisations more accountable if they expose it.
A recent McAfee survey found that 43% of people feel they don’t have control over their personal information.
New privacy rules explained
The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach, and this has put you at risk of serious harm.
These are called ‘eligible data breaches’.
What are eligible data breaches?
An eligible data breach is one that is likely to result in serious harm to the person the information is about. This could include serious physical, psychological, emotional, financial, or reputational harm.
When an organisation notifies you about a data breach, they will also have to provide recommendations for how you can protect yourself.
What organisations does the scheme apply to?
The scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies, and health service providers, among others.
What does the scheme mean for you?
If an organisation spills your details and it could result in serious harm for you, they will have to tell you about it as soon as possible. This is to give you the chance to reduce any potential harm by taking action that may include changing your password or contacting your bank if your banking details have been leaked.
How will you find out if you are the victim of an eligible data breach?
Organisations should get in touch with you directly if they have accidentally released your data.
Sometimes this won’t be possible, for example, if the organisation doesn’t have your current contact details.
If this is the case, the organisation has to publish the information on their website and make an effort to make sure people affected see it.
The German government has issued an alert saying malicious email messages are being sent that impersonate its federal security and IT office and infect computers with malware.
There are concerns similar spam emails could be sent to Australians.
Why is this an issue?
Just last week it was reported that widespread vulnerabilities in Intel, ARM and AMD processors may allow cyber criminals to steal data from billions of devices.
You were advised to download patches as soon as possible, but now cybercriminals are twisting that message.
They are sending out spam emails that include links to fake webpages, where supposed patches to the Meltdown and Spectre attacks can be found.
The email might look like it comes from an official or government organisation, but if you click on the links you will go to a fake website hosting malware, which will infect your computer or mobile.
You should never click on links in emails or messages you aren’t expecting, even if it comes from a government agency or well-known organisation.
Before you click a link (in an email or on social media, instant messages, webpages, or elsewhere), hover over that link to see the actual web address it will take you to—usually shown at the bottom of the browser window.
If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
Now researchers have discovered a new flaw that affects devices using Intel’s Active Management Technology (AMT). The flaw could allow security controls such as BIOS or Bitlocker passwords to be bypassed if someone got physical access to a device using AMT. This would allow a cybercriminal to later gain remote access to the compromised laptop.
AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.
If you don’t need AMT, you should disable it in the device BIOS straightaway.
If you do need it, change the default ‘admin’ password to something that is hard to guess.
We also recommend corporate laptops are never left out of a user’s sight, especially in public places such as airports.