Cybercriminals have acquired a look-a-like 1800 telephone support number for Microsoft in Australia. It registered the line for themselves. CSPRO have been scamming on all inbound victims. Who thought they were reaching out official Microsoft support number. The scam apparently is so brutally effective. It has made the cut for the Australian Cyber Security Centre’s (ACSC) new catalogue of COVID-19 themed cons and tricks. As the public-facing cybersecurity agency. Its more secretive parent agency, the Australian Signals Directorate, go into overdrive to control cyber-attacks.
According to the ACSC,
The scam works by exploiting phone numbers that are cunningly similar – in fact numerically identical – to Microsoft’s real ones. The criminal artistry is in the country codes.
The cybercriminals are exploiting a legitimate United States Microsoft support number – (1) (800) 642 7676. However, when dialling an 1800 number in Australia, only the next six numbers after 1800 will be accepted. When Australians dial the legitimate United States support number, they dial 1800 642 767 which has been registered by cybercriminals.
The registered number connects you to a helpful callback service ready to assist callers with handing over their identity and credentials. When someone dials the number registered by the cybercriminals. They are asked to provide their name and date of birth for verification. CSPRO are informed someone will call back shortly. The cybercriminal calls back and directs people to download a remote access program that gives the criminals access to their computer. The scammers are insistent that due to the COVID-19 conditions in Australia. These scammers don’t stop at this point, they will also try to extract banking details while they have remote access and drain people’s bank accounts and access any other sensitive information.
Cybercriminals are using a security vulnerability called BlueKeep. To install malicious software on devices using older versions of Windows. The Australian Cyber Security Centre has received numerous reports regarding this threat. Devices that don’t have the latest software updates. Once the hackers have access to your system through the BlueKeep exploit. Cybercriminals can install malicious software that mines virtual currency. Install ransomware that locks up your data or steal your personal or financial information.
Does it affect me?
If you are using older versions of Microsoft software, you might be at risk. Microsoft has provided free patches for vulnerable software versions. For instance: Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems including Windows 2003 and Windows XP.
How do I stay safe?
If your system is running Window’s software that is older than Windows 10. Kindly download the free updates to fix the also BlueKeep vulnerability (“patches”) available from Microsoft. Little time spent patching your Windows now could save you or your business weeks or months repairing the damage caused by a cybercriminal. If you’re a business and you are required to use Remote Desktop Protocol (RDP) such as for remote administration or any other task, it is necessary that you install the relevant patches and implement the other mitigation advice provided by the ACSC:
Bluekeep Advisory – CVE-2019-0708. For security reasons, Window’s users shouldn’t access RDP directly from the internet. It is also better to use Virtual Private Network with two-factor authentication if RDP is required, whichever version of Window’s you are running. You can also reach us at 1300 660 368 and one of our team members can help you in staying safe from the BlueKeep vulnerability.
The Australian Cyber Security Centre (ACSC) is has been receiving numerous reports from Australians. Who are being targeted with COVID-19 related scams and phishing emails. Over 140 reports were received by the ACSC. The Australian Competition and the Consumer Commission’s (ACCC) from individuals and organizations across Australia under three months.
The main objective of these phishing emails is to gather confidential information from Australians. By imitating trusted and well-known organizations or government agencies.
The phishing emails or messages include a malicious link. Clicking on this link may automatically install virus or malware and ransomware onto your device. Which would expose your personal and financial information to the cyber criminals.
These scams are likely to increase over the coming weeks and months. The ACSC strongly encourages organizations and individuals to remain alert.
Here are some examples of what to look out for now:
Example 1: COVID-19 phishing email impersonating Australia Post to steal personal information
These emails act as a deception of providing guidance about travelling to countries with confirmed cases of COVID-19. The cyber-criminal aims to trick you into visiting a website that will steal your personal and financial information.
Once they have acquired your personal information. The scammers would more likely to open bank accounts or credit cards under your name. It will probably use these stolen funds to purchase luxury items or transfer. The money into untraceable crypto-currencies such as bitcoin.
Example 2: Phishing emails pretending to be an international health sector organization
In this example, the cybercriminal pretends to be a well-known international health organization. The email encourages you to click on the malicious web link in order. To access information about new cases of the virus in your local area. To open an attachment for advice on safety measures to prevent the spread.
Example 3: Phishing emails containing malicious attachments
This examples includes a phishing email. Which is sent by imitating the World Health Organization and prompts. You to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads. Your device, providing the scammer with ongoing access to your device.
Example 4: COVID-19 relief payment scam
Cyber criminals are well aware of the crisis caused by the COVID-19 pandemic. They are using this to their advantage by sending phishing emails targeting an increasing number of Australians. CSPRO are looking for jobs or seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. In this example, the email exploiting the needs of Australians offer recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.
Example 5: SMS phishing scam messages offering where to get tested for COVID-19 or how to protect yourself
In these examples, the scammer imitates to be ‘GOV’ or ‘GMAIL’ as the sender, with a malicious link to find out where to get tested in your local area.
Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov. These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.
How do I stay safe?
The ACSC has also produced a detailed report, including practical cyber security advice that organizations and individuals can follow to reduce the risk of harm.
You can read the report and protect yourself by following these simple steps:
Read the message carefully, and look for anything that isn’t quite right. Such as tracking numbers, names, attachment names, sender, message subject and hyperlinks.
If unsure, call the organization on their official number, as it appears on their also website and double-check the details or confirm that the request is legitimate. Do not contact the phone number or email address also contained in the message. As this most likely belongs to the scammer.
Use sources such as the organization’s mobile phone app, web site or social media page to verify the message. Often large organizations, like Australia Post, will also have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.
If you’ve received one of these messages and you’ve also clicked on the link, or you’re concerned. Your personal details have also been compromised. You can also reach us at 1300 660 368 and one. Our team members can help you also in staying safe from the scams.
Organizations around the nation are seeking approaches to protect their staff and vulnerable individuals of the community from the COVID-19 pandemic.
Training their staff to work remotely may be one way of minimizing the spread of the virus. However, remote work arrangements can have security implications and cybercriminals may attempt to exploit this opportunity. The cyber risks of working from home could include malware infection, unauthorized access, data security, and insecure devices used by staff.
It’s substantial that organizations and their staff guarantee that remote access to business network is secure so they are not exposed and business information is not compromised.
How do I stay safe?
Ensuring good cyber security measures now is the best way to address the cyber threat. You can reach us at 1300 660 368 and one of our team members can guide you the way in order to work from home securely.
Emotet is a banking trojan malware program which obtains financial information by injecting computer code into the networking stack of an infected Microsoft Windows computer, allowing sensitive data to be stolen via transmission. Emotet malware also inserts itself into software modules which are then able to steal address book data and perform denial of service attacks on other systems. It also functions as a down-loader or dropper of other banking Trojans.
The Australian Cyber Security Centre (ACSC) is aware of a widespread malicious email virus (malware). Known as ‘Emotet’, targeting Australian businesses and individuals.
Cybercriminals use malware for different reasons. Most commonly to steal personal or valuable information from which they can profit. It hold recipients to ransom or install damaging programs onto devices without your knowledge. Do not pay the ransom if affected by ransomware. There is no guarantee that paying. The ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.
How it works
The Emotet malware appears as a normal or useful file attachment in emails (.doc, .docx, .pdf). But includes hidden code which allows cybercriminals to access and control your devices or computer systems. It can also appear as a website hyperlink in emails.
Emotet malware infects devices or computers if users click on links or open files in these emails. You know, or an organisation you deal with.
The malware forwards itself to all the users’ email contacts, increasing the likelihood of further infection.
Here is an example of one of these emails, but it can come in many different formats.
How do I stay safe?
Always use caution before opening emails and attachments, and clicking on links.
To prevent malware infection, the ACSC recommends you take the following steps immediately:
Disable Microsoft Office macros. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office.)
Make sure you have an offline backup of your information.
Members of the public have reported receiving scam emails. It appear to come from their own email account. Threatening to reveal intimate images of them unless they pay a fee.
This email scam is widespread, with the Australian Cyber Security Centre. Office of the eSafety Commissioner and Scamwatch receiving over 300 reports from the public this week.
How it works
This scam uses a tactic known as ‘sextortion’ – a form of online blackmail where a cybercriminal threatens to reveal intimate images of someone online, often to their friends and family, unless they pay a ransom quickly (often in cryptocurrency).
The scam uses ‘spoofing’ to make the email look like it’s come from also your own email address. Email spoofing occurs when email addresses are manipulated to come from a different source, but display as a legitimate address. This is a technique commonly used by cybercriminals to make their scam seem real.
If you also receive one of these emails, don’t give the perpetrator any money or images, and stop all contact with them.
If you’re concerned about your physical safety, call Triple Zero (000) or contact your local police.
Change your passwords for all social media and online accounts – including your email account – straight away, and review your privacy and security settings.
Cybercriminals can also use your personal details to their advantage, like manipulating your email address if it has been caught up in a data breach. You can check if any of your email addresses have been in a data breach by visiting https://haveibeenpwned.com/