Beware of Bitcoin Tax Scammers

What’s happened?

The Australian Taxation Office is warning people to beware of scammers impersonating the ATO and demanding Bitcoin or other cryptocurrency as a form of payment for fake tax debts.

The ATO has seen over $50,000 paid in Bitcoin to scammers claiming fake ATO tax debts so far.

Does it affect me?

Anyone can be the target of this scam.

If you have received an unexpected email or threatening phone call that claims to be from the ATO and demands payment via Bitcoin or cryptocurrency, iTunes cards, or pre-paid Visa gift cards, don’t make the payment.

How do I stay safe?

  • Keep your personal information such as your Tax File Number and birth certificate secure and safe. Don’t carry them around in a wallet or handbag or saved on a phone.
  • Be suspicious of any unexpected emails or threatening phone calls that claim to be from the ATO.
  • Check that a payment method is legitimate before making a payment.
  • Don’t overshare on social media and check the privacy settings on your online accounts.

For more information, please visit: www.staysmartonline.gov.au

What happens when an organisation accidentally makes your personal details public?

Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more.

How would you feel if your personal details were accidentally released and went public?

Sometimes personal information is released publicly by accident or as a result of poor security. For example, computer systems can be hacked and personal information stolen.

The new privacy rules aim to better protect your personal information, by making organisations more accountable if they expose it.

A recent McAfee survey found that 43% of people feel they don’t have control over their personal information.

New privacy rules explained

The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach, and this has put you at risk of serious harm.

These are called ‘eligible data breaches’.

What are eligible data breaches?

An eligible data breach is one that is likely to result in serious harm to the person the information is about. This could include serious physical, psychological, emotional, financial, or reputational harm.

When an organisation notifies you about a data breach, they will also have to provide recommendations for how you can protect yourself.

What organisations does the scheme apply to?

The scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies, and health service providers, among others.

What does the scheme mean for you?

If an organisation spills your details and it could result in serious harm for you, they will have to tell you about it as soon as possible. This is to give you the chance to reduce any potential harm by taking action that may include changing your password or contacting your bank if your banking details have been leaked.

How will you find out if you are the victim of an eligible data breach?

Organisations should get in touch with you directly if they have accidentally released your data.

Sometimes this won’t be possible, for example, if the organisation doesn’t have your current contact details.

If this is the case, the organisation has to publish the information on their website and make an effort to make sure people affected see it.

For more information, please visit: www.staysmartonline.gov.au

Crypto-mining threat for business

What is crpyto-mining?

Crypto-mining is when your computer is used to generate cryptocurrency, such as BitCoin and Monero.

Crypto-mining is a financially motivated activity. In this case, criminals are using malware to access computers and networks, to create currency or sell processing power to other people.

What’s happened?

Thousands of websites across the globe have fallen victim to crypto-mining malware, after using a popular web tool designed to help people with vision impairment, dyslexia and low literacy.

In crypto-mining, the power and memory of your computer is used to generate cryptocurrency. If criminals gain access to your computer they can generate crypto-currency without your knowledge.

Security researcher Scott Helme claims 4,275 websites have been hijacked worldwide, including in Australia.

It is understood criminals secretly added a malicious program onto the website plug-in ‘Browsealoud’ which allowed them to mine cryptocurrency when the browser window was loaded.

Does it affect my business?

Businesses that rely on the digital accessibility tool ‘Browsealoud’ to deliver a text-to-speech web application are potentially affected.

Texthelp, the company that delivers ‘Browsealoud’ says it has taken it offline while the company alerts its customers.

What do I need to do?

Install any security updates as they become available or alternatively, identify whether another accessibility tool is available which has been recently patched.

Make sure your organisation’s computers and applications are up to date.

For more information, please visit: www.staysmartonline.gov.au

 

Victims scammed via Western Union can get a refund

The ACCC’s Scamwatch is urging all Australians who made payments to a scammer via Western Union from 2004 to 2017 to take action by 12 February to claim your money back.

Examples of tricks the scammers used included:

  • online or internet scams
  • lottery or prize promotion scams
  • family emergency scams
  • advance-fee loan scams
  • online dating or romance scams.

The scammers would tell victims to send the money through Western Union to claim a prize or help their relative. But the money would go straight to the scammer.

Does it affect me?

The scam took place between 1 January 2004 to 19 January 2017. If you used Western Union in this 14-year period, you might be able to claim your money back.

What do I need to do?

To apply for a refund:

Make sure you report you’ve been a victim of this scam to the Australian Government (ACORN)

When do I need to claim by?

You need to submit your claim by 12 February 2018.

More information

For more information, please visit: www.staysmartonline.gov.au

Beware of scam emails offering patches

The German government has issued an alert saying malicious emails messages are being conveyed, mimicking their federal security and IT office and infecting computers with malware.

There are concerns similar spam emails could be sent to Australians.

Why is this an issue?

Just last week it was reported that widespread vulnerabilities in Intel, ARM and AMD processors may allow cyber criminals to steal data from billions of devices.

You were advised to download patches as soon as possible, but now cybercriminals are twisting that message.

They are sending out spam emails that include links to fake webpages, where supposed patches to the Meltdown and Spectre attacks can be found.

The email might look like it comes from an official or government organisation, but if you click on the links you will go to a fake website that has the nasty malware, which will infect your computer or mobile.

Staying safe

You should never click on links in emails or messages you aren’t expecting, even if it comes from a government agency or well-known organisation.

Before you click a link (in an email or on social media, instant messages, webpages, or elsewhere), hover over that link to see the actual web address it will take you to—usually shown at the bottom of the browser window.

If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.

For more information, please visit: www.staysmartonline.gov.au

Does your business use Intel’s AMT? Then be cautious!

Now researchers have discovered a new flaw that affects devices using Intel’s Active Management Technology (AMT). The flaw could allow security controls such as BIOS or Bitlocker passwords to be bypassed if someone got physical access to a device using AMT. This would allow a cybercriminal to later gain remote access to the compromised laptop.

AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.

Staying safe

If you don’t need AMT, you should disable it in the device BIOS straightaway.

If you do need it, change the default ‘admin’ password to something that is hard to guess.

We also recommend corporate laptops are never left out of a user’s sight, especially in public places such as airports.

For more information, please visit: www.staysmartonline.gov.au

Protect your devices from the latest processor vulnerabilities

You may have noticed reports in the media about Intel, ARM and AMD processor vulnerabilities that may allow cybercriminals to steal data from your devices.

You are advised to download patches as soon as they become available.

Hackers find weaknesses in software and hardware (called vulnerabilities) that they exploit to access your computer, smartphone or tablet. Installing software and firmware updates can fix these vulnerabilities and help keep you secure.

Staying safe

Many software providers release patches and updates for their products to correct security concerns and improve functionality.

Most modern software and applications update automatically, but make sure you agree to install updates when prompted. Common software to keep updated include:

  • operating systems, for example Windows, macOS, iOS, Android
  • antivirus and security software
  • browsers, for example Internet Explorer, Firefox, Chrome
  • web plugins, for example Adobe Flash, Reader, Skype, Apple QuickTime, iTunes, Java, ActiveX
  • other types of applications, for example Microsoft Office.

When you buy a new device, check for updates straight away as part of the initial set up, ensuring you enable automatic updates.

If you have any concern in relation to this article, please feel free to contact Computer Support Professional’s friendly technical team. We are available 24/7.

Call us 1300 660 368 OR Send us email on helpdesk@cspro.com.au

For more information, please visit: www.staysmartonline.gov.au