Beware of scam emails

There have been reports of a recent increase in email scams containing malware, which can take control of your PC or compromise your data.

The emails contain a link which, if clicked on, downloads and installs a Remote Access Trojan (RAT) on your device. Hackers use these RATs as an invisible backdoor to access the data on your computer. They can steal your confidential information, hold your computer to ransom or install other programs without your knowledge.

Does it affect me?

Thousands of these emails have been sent out to individuals and businesses across Australia. They are coming from a variety of sources, which means many are not being detected by internet service providers’ email filters or customer anti-malware programs.

The cyber criminals are using a common tactic to make the email look legitimate: slightly altering a real domain name. For example, some emails are being sent from admin@harborfrelght.com. Note that there is an ‘l’ in the domain rather than a lower case ‘i’.
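The following added example (not part of the original alert) shows how a mail filter or helpdesk script could flag this kind of altered sender domain automatically. The trusted-domain list is constructed for illustration, with harborfreight.com inferred from the description above, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): the domains you actually deal with.
TRUSTED_DOMAINS = {"harborfreight.com", "ato.gov.au"}

# Characters often swapped for one another in lookalike domains (not exhaustive).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Collapse visually similar characters so lookalikes compare equal."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Same shape after collapsing confusable characters, or one edit away.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Admin <admin@harborfrelght.com>", "admin@harborfreight.com"):
        print(header, "->", check_sender(header))
```

A ‘lookalike’ verdict is a reason to quarantine or manually review the message; an ‘unknown’ verdict only means the domain resembles nothing on the list, not that it is safe.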

How do I stay safe?

  • Don’t open emails if you don’t know the sender.
  • Be suspicious of emails that aren’t addressed directly to you, or don’t use your correct name.
  • Don’t reply to, or forward chain letters you receive by email.
  • Think carefully before clicking on any links or opening any attachments in emails.
  • If you are unsure, contact the person or business separately to check if they are likely to have sent the message.
  • Make sure you have up-to-date anti-virus software installed on any device used to access the internet.
  • Businesses: provide security awareness training for your staff and teach them how to protect your business from suspicious and malicious messages.

For more information, please visit: www.staysmartonline.gov.au

Five things you should never share on social media!

We love to share our lives with our friends near and far; however, a few people share an excessive amount of information online.

Many people realise that private data is private, but at times neglect to consider that a social media post can leave them exposed.

Always stop and consider what may happen before you send pictures or personal details out into cyberspace!

Five things you should never share on social media

  1. Pictures of your new credit card or other financial information. Sometimes in the excitement of receiving a new card, people post a photo of it to social media. Even with the highest privacy settings, it’s not safe to post pictures or information that shows your financial details.
  2. Identity cards or documents. Driver licences are regularly seen on social media, especially when people pass their driving tests. While this is definitely a photo and #hashtag moment, sharing any kind of identification online exposes you to identity fraudsters.
  3. Tickets. Plane tickets continue to be a very popular social media post. But beware! They contain a lot of information, including sequence numbers that cybercriminals can use to decode personal information about you, and then access your bank account and financial information. If you share your holiday plans, you’ve also potentially just told the criminals when no-one will be home. Same goes for tickets to music and sporting events.
  4. Pay slips. Everyone loves to get a pay rise, but if you post your pay slip to prove it, you’ve just possibly advertised your personal and bank details to cybercriminals. It’s private information—social media doesn’t need to see it!
  5. Inappropriate behaviour, comments, images and video. Inappropriate comments, as well as complaints or criticisms can land you in hot water. So don’t air your grievances on your social media channels. In addition, don’t share intimate or offensive images of anyone without their consent.

For more information, please visit: www.staysmartonline.gov.au

It’s World Backup Day on 31 March!

Imagine what would happen if your PC unexpectedly crashed or was hit by malware, and you lost all your important photos, accounts, home videos, documents and emails.

World Backup Day is all about regularly backing up your important files and data so you have a spare copy stored somewhere safe. It’s really quick and simple to do.

What is Backup?

A backup is a second copy of all your important files — for example, your family photos, home videos, documents and emails.

Instead of storing it all in one place (like your computer), you keep another copy of everything somewhere safe.

What are the options?

So how do you go about backing up your files? It’s easy: you can use external hard drives, an online service (often referred to as cloud backup), or a combination of both.

You can back up mobile devices like smartwatches, tablets and smartphones to your computer.

Remember: Making any kind of backup reduces your risk of losing your data.

External hard drives

External hard drives protect your data on a physical device that’s separate to your computer.

Physically disconnecting your external hard drive from your computer when it’s not in use helps keep your data safe, both from online attackers and power surges.

You can set external hard drives to back up automatically, and they will run regular backups on an hourly, daily or weekly basis. Using multiple external hard drives will help to ensure you always have at least one that is not connected to your computer at all times.

How you back up your digital content on a hard drive depends on your operating system:

  • Apple: connect the external drive, launch Time Machine and click the ‘Backup Now’ button.
  • Windows 10: Go to ‘Settings, Update & Security’, select ‘Backup’ and ‘Add a drive’. Once set up, Windows 10 will back up everything in your user folder, every hour.

Online backups

Online or cloud backups let you store your data online so you can access it at any time from any internet connected device.

Online backups are great if you don’t want to have to think about backing up your files; once set up, almost all online solutions automatically back up and protect all of your computer’s files.

Online backups also mean your data is stored away from your home or office, so if you get hit by a natural disaster or theft, your data is safe.

The cloud has some major benefits, but don’t forget to set a strong password on your account, enable two-factor authentication, and always read the terms of service and privacy policy carefully. If your data is sensitive, consider avoiding public cloud storage.

In general, getting started with an online backup service looks like this:

  • buy an online backup plan
  • install the provided software on your computer
  • tell the software what drives, folders, and/or files you want to keep backed up.

For more information, please visit: www.staysmartonline.gov.au

Check your Facebook privacy policy

What’s happened?

The private information of a considerable number of Facebook users across the globe may have been used to generate political advertising.

Political research firm Cambridge Analytica has been reprimanded for mining the data of 50 million Facebook users to create political advertising during the 2016 US election campaign.

The Australian Privacy Commissioner is examining whether any personal information of Australians has been acquired and whether further regulatory action is required.

Does it affect me?

When you sign up to social media platforms you agree to the privacy policies of each individual site.

Privacy policies govern how your personal information can be used — some social media organisations may share your information, such as email addresses or user preferences, with third party businesses.

How do I stay safe?

It is very important that you take the time to read the privacy policies of each social media platform before you sign up.

Privacy policies can also change so it’s a good idea to regularly review the policy and check how much information you reveal in your profile.

For more information, please visit: www.staysmartonline.gov.au

Beware of Bitcoin Tax Scammers

What’s happened?

The Australian Taxation Office is warning people to beware of scammers impersonating the ATO and demanding Bitcoin or other cryptocurrency as a form of payment for fake tax debts.

The ATO has seen over $50,000 paid in Bitcoin to scammers claiming fake ATO tax debts so far.

Does it affect me?

Anyone can be the target of this scam.

If you have received an unexpected email or threatening phone call that claims to be from the ATO and demands payment via Bitcoin or cryptocurrency, iTunes cards, or pre-paid Visa gift cards, don’t make the payment.

How do I stay safe?

  • Keep your personal information such as your Tax File Number and birth certificate secure and safe. Don’t carry them around in a wallet or handbag, or save them on a phone.
  • Be suspicious of any unexpected emails or threatening phone calls that claim to be from the ATO.
  • Check that a payment method is legitimate before making a payment.
  • Don’t overshare on social media and check the privacy settings on your online accounts.

For more information, please visit: www.staysmartonline.gov.au

What happens when an organisation accidentally makes your personal details public?

Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more.

How would you feel if your personal details were accidentally released and went public?

Sometimes personal information is released publicly by accident or as a result of poor security. For example, computer systems can be hacked and personal information stolen.

The new privacy rules aim to better protect your personal information, by making organisations more accountable if they expose it.

A recent McAfee survey found that 43% of people feel they don’t have control over their personal information.

New privacy rules explained

The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach, and this has put you at risk of serious harm.

These are called ‘eligible data breaches’.

What are eligible data breaches?

An eligible data breach is one that is likely to result in serious harm to the person the information is about. This could include serious physical, psychological, emotional, financial, or reputational harm.

When an organisation notifies you about a data breach, they will also have to provide recommendations for how you can protect yourself.

What organisations does the scheme apply to?

The scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies, and health service providers, among others.

What does the scheme mean for you?

If an organisation spills your details and it could result in serious harm for you, they will have to tell you about it as soon as possible. This is to give you the chance to reduce any potential harm by taking action that may include changing your password or contacting your bank if your banking details have been leaked.

How will you find out if you are the victim of an eligible data breach?

Organisations should get in touch with you directly if they have accidentally released your data.

Sometimes this won’t be possible, for example, if the organisation doesn’t have your current contact details.

If this is the case, the organisation has to publish the information on their website and make an effort to make sure people affected see it.

For more information, please visit: www.staysmartonline.gov.au

Crypto-mining threat for business

What is crypto-mining?

Crypto-mining is when your computer is used to generate cryptocurrency, such as Bitcoin and Monero.

Crypto-mining is a financially motivated activity. In this case, criminals are using malware to access computers and networks, to create currency or sell processing power to other people.

What’s happened?

Thousands of websites across the globe have fallen victim to crypto-mining malware, after using a popular web tool designed to help people with vision impairment, dyslexia and low literacy.

In crypto-mining, the power and memory of your computer are used to generate cryptocurrency. If criminals gain access to your computer they can generate cryptocurrency without your knowledge.

Security researcher Scott Helme claims 4,275 websites have been hijacked worldwide, including in Australia.

It is understood criminals secretly added a malicious program onto the website plug-in ‘Browsealoud’ which allowed them to mine cryptocurrency when the browser window was loaded.

Does it affect my business?

Businesses that rely on the digital accessibility tool ‘Browsealoud’ to deliver a text-to-speech web application are potentially affected.

Texthelp, the company that delivers ‘Browsealoud’ says it has taken it offline while the company alerts its customers.

What do I need to do?

Install any security updates as they become available or alternatively, identify whether another accessibility tool is available which has been recently patched.

Make sure your organisation’s computers and applications are up to date.

For more information, please visit: www.staysmartonline.gov.au

 

Victims scammed via Western Union can get a refund

The ACCC’s Scamwatch is urging all Australians who made payments to a scammer via Western Union from 2004 to 2017 to take action by 12 February to claim their money back.

Examples of tricks the scammers used included:

  • online or internet scams
  • lottery or prize promotion scams
  • family emergency scams
  • advance-fee loan scams
  • online dating or romance scams.

The scammers would tell victims to send the money through Western Union to claim a prize or help their relative. But the money would go straight to the scammer.

Does it affect me?

The scam took place between 1 January 2004 and 19 January 2017. If you used Western Union in this 14-year period, you might be able to claim your money back.

What do I need to do?

To apply for a refund:

Make sure you report that you’ve been a victim of this scam to the Australian Government (ACORN).

When do I need to claim by?

You need to submit your claim by 12 February 2018.

More information

For more information, please visit: www.staysmartonline.gov.au

Beware of scam emails offering patches

The German government has issued an alert saying malicious email messages are being sent that impersonate its federal security and IT office and infect computers with malware.

There are concerns similar spam emails could be sent to Australians.

Why is this an issue?

Just last week it was reported that widespread vulnerabilities in Intel, ARM and AMD processors may allow cyber criminals to steal data from billions of devices.

You were advised to download patches as soon as possible, but now cybercriminals are twisting that message.

They are sending out spam emails that include links to fake webpages, where supposed patches to the Meltdown and Spectre attacks can be found.

The email might look like it comes from an official or government organisation, but if you click on the links you will go to a fake website hosting malware that will infect your computer or mobile.

Staying safe

You should never click on links in emails or messages you aren’t expecting, even if they appear to come from a government agency or well-known organisation.

Before you click a link (in an email or on social media, instant messages, webpages, or elsewhere), hover over that link to see the actual web address it will take you to—usually shown at the bottom of the browser window.

If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.

For more information, please visit: www.staysmartonline.gov.au

Does your business use Intel’s AMT? Then be cautious!

Researchers have discovered a new flaw that affects devices using Intel’s Active Management Technology (AMT). The flaw could allow security controls such as BIOS or BitLocker passwords to be bypassed if someone got physical access to a device using AMT. This would allow a cybercriminal to later gain remote access to the compromised laptop.

AMT is a management feature of Intel products that enables administrators to remotely manage devices. The feature is found on devices such as laptops, desktops and servers.

Staying safe

If you don’t need AMT, you should disable it in the device BIOS straightaway.

If you do need it, change the default ‘admin’ password to something that is hard to guess.

We also recommend corporate laptops are never left out of a user’s sight, especially in public places such as airports.

For more information, please visit: www.staysmartonline.gov.au