The Australian Taxation Office is warning people to beware of scammers impersonating the ATO and demanding Bitcoin or other cryptocurrency as a form of payment for fake tax debts.
The ATO has seen over $50,000 paid in Bitcoin to scammers claiming fake ATO tax debts so far.
Does it affect me?
Anyone can be the target of this scam.
If you have received an unexpected email or threatening phone call that claims to be from the ATO and demands payment via Bitcoin or cryptocurrency, iTunes cards, or pre-paid Visa gift cards, don’t make the payment.
How do I stay safe?
Keep your personal information such as your Tax File Number and birth certificate secure and safe. Don’t carry them around in a wallet or handbag or saved on a phone.
Be suspicious of any unexpected emails or threatening phone calls that claim to be from the ATO.
Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more.
How would you feel if your personal details were accidentally released and went public?
Sometimes personal information is released publicly by accident or as a result of poor security. For example, computer systems can be hacked and personal information stolen.
The new privacy rules aim to better protect your personal information, by making organisations more accountable if they expose it.
A recent McAfee survey found that 43% of people feel they don’t have control over their personal information.
New privacy rules explained
The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach, and this has put you at risk of serious harm.
These are called ‘eligible data breaches’.
What are eligible data breaches?
An eligible data breach is one that is likely to result in serious harm to the person the information is about. This could include serious physical, psychological, emotional, financial, or reputational harm.
When an organisation notifies you about a data breach, they will also have to provide recommendations for how you can protect yourself.
What organisations does the scheme apply to?
The scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies, and health service providers, among others.
What does the scheme mean for you?
If an organisation spills your details and it could result in serious harm for you, they will have to tell you about it as soon as possible. This is to give you the chance to reduce any potential harm by taking action that may include changing your password or contacting your bank if your banking details have been leaked.
How will you find out if you are the victim of an eligible data breach?
Organisations should get in touch with you directly if they have accidentally released your data.
Sometimes this won’t be possible, for example, if the organisation doesn’t have your current contact details.
If this is the case, the organisation has to publish the information on their website and make an effort to make sure people affected see it.
The German government has issued an alert saying malicious emails messages are being conveyed, mimicking their federal security and IT office and infecting computers with malware.
There are concerns similar spam emails could be sent to Australians.
Why is this an issue?
Just last week it was reported that widespread vulnerabilities in Intel, ARM and AMD processors may allow cyber criminals to steal data from billions of devices.
You were advised to download patches as soon as possible, but now cybercriminals are twisting that message.
They are sending out spam emails that include links to fake webpages, where supposed patches to the Meltdown and Spectre attacks can be found.
The email might look like it comes from an official or government organisation, but if you click on the links you will go to a fake website that has the nasty malware, which will infect your computer or mobile.
You should never click on links in emails or messages you aren’t expecting, even if it comes from a government agency or well-known organisation.
Before you click a link (in an email or on social media, instant messages, webpages, or elsewhere), hover over that link to see the actual web address it will take you to—usually shown at the bottom of the browser window.
If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
Now researchers have discovered a new flaw that affects devices using Intel’s Active Management Technology (AMT). The flaw could allow security controls such as BIOS or Bitlocker passwords to be bypassed if someone got physical access to a device using AMT. This would allow a cybercriminal to later gain remote access to the compromised laptop.
AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.
If you don’t need AMT, you should disable it in the device BIOS straightaway.
If you do need it, change the default ‘admin’ password to something that is hard to guess.
We also recommend corporate laptops are never left out of a user’s sight, especially in public places such as airports.
You may have noticed reports in the media about Intel, ARM and AMD processor vulnerabilities that may allow cybercriminals to steal data from your devices.
You are advised to download patches as soon as they become available.
Hackers find weaknesses in software and hardware (called vulnerabilities) that they exploit to access your computer, smartphone or tablet. Installing software and firmware updates can fix these vulnerabilities and help keep you secure.
Many software providers release patches and updates for their products to correct security concerns and improve functionality.
Most modern software and applications update automatically, but make sure you agree to install updates when prompted. Common software to keep updated include:
operating systems, for example Windows, macOS, iOS, Android
antivirus and security software
browsers, for example Internet Explorer, Firefox, Chrome
web plugins, for example Adobe Flash, Reader, Skype, Apple QuickTime, iTunes, Java, ActiveX
other types of applications, for example Microsoft Office.
When you buy a new device, check for updates straight away as part of the initial set up, ensuring you enable automatic updates.
If you have any concern in relation to this article, please feel free to contact Computer Support Professional’s friendly technical team. We are available 24/7.