Search Results

Share Article:

Facebook Twitter Linkedin Mail

Tag: cyber-safety

Keeping your smartphone as safe as houses


Posted on June 17, 2019

2 min read

Our lives can now be found in our pockets: email, both work and personal. Favourite shops and restaurants. Banking. Our social lives. Our smartphones are a gateway to the world, but are also a detailed record of our lives – past, present and future. Like our home, everything that we are can be found in it.

We are told all of the time that online is the new frontier of crime: Identity theft. Scams. Hacking. Stalking. The message is clear: BE AFRAID! BE VERY AFRAID! Couple this with the constant juggle of modern life and an overload of information and paralysis can set in.

Research conducted for the Australian Digital Inclusion Index in 2018 shows that almost two-thirds of Australians feel that technology is changing so fast that it’s difficult to keep up with it.

Although it is important to know the risks out there, it is more important to put fear aside and take control – think of your smartphone like a house. 

Like keeping your house secure, keeping your smartphone secure is simple:

  1. Adjust your privacy and security settings, as they help you control the information that apps can access from your phone.  This is like shutting the blinds to stop people seeing in from the street.
  2. Set your apps to automatically update on Wi-Fi, as these updates often provide fixes for known security faults.
  3. Use 2-step authentication where available on apps and accounts for that extra level of protection. This is like having a lock and an alarm for your home.
  4. All our online apps and accounts have passwords – but we all forget these and have to reset them from time to time. Make sure that the password that protects the email address where your recovery passwords are sent is unique, long and strong. This is just like keeping your house key somewhere safe.
  5. You could even use a password manager so that you don’t need to remember all those different passwords.

Remember, YOU control your smartphone. With so much information on there, keep it safe as houses.

Blocking websites hosting footage of the Christchurch terrorist attack

Telstra News

Posted on March 19, 2019

1 min read

We have moved to temporarily block a number of websites that continue to host footage of Friday’s terrorist attack in Christchurch. We understand this may cause inconvenience for some legitimate users of these sites but these are extraordinary circumstances and they required an extraordinary response.

We appreciate that it is necessary to ensure free speech is carefully balanced against protecting the community – but with these sites continuing to host disturbing content we feel it is the right thing to do to block them.

These are shocking events and the idea that this footage could in some way be used to incite or support hate is a sickening thought. We will continue to do whatever we can to assist and to support a diverse and inclusive community.

For kids, spotting scams in Fortnite is child’s play


Posted on October 18, 2018

4 min read

Staying safe online is hard. The average person has little understanding of the many ways they can be targeted, or of the controls they can use to make themselves harder to hack.

But I was pleasantly surprised last month to find the younger generations a little savvier. Dozens of year five and six kids threw up their hands to recount stories of how scammers had tried to con them during a presentation I gave to a primary school in Melbourne’s south.

Most of those stories are related to Fortnite – a video game that seemingly counts every other kid in Australia among its 125 million players – and that was the context in which I spoke of cyber security. These digital natives are growing up in a world where amorphous digital thieves plying for their personal information and passwords is normal.

Click to download our kid-friendly Fortnite security tip sheet

Flashing banner ads, pop-ups, and scammy direct messages and posts that confound some of us seem boring and obvious to them.

Take Dylan – this switched on fifth-grader was targeted by scammers while playing Fortnite.

The bad guys spoke to him over in-game voice chat in a bid to convince him to disclose his game account details, promising to deposit a free stash of the in-game Fortnite currency known as V-Bucks.

I asked him what he did next. “I ignored them, played a few rounds, beat them, then left.”

Dylan was just one of the many kids who appeared cool and unflustered in the presence of such attacks.

Children are by no means immune to compromise; I’ll bet my last dollar that a targeted attack would net all of them (except perhaps for remarkable six-grader Annabelle, who spotted and called bluff on a tailored social engineering effort).

This means they, like us, must take the time to learn how to use the cyber security defences at their disposal to help protect themselves.

These defences can make the user experience a little more clunky, but they are immensely powerful and will send all but the most dedicated hackers looking elsewhere for victims.

A great defence to start with is switching on two-factor authentication for any of your accounts that offer it. I also recommend using a reputable password manager such as LastPass or 1Password.

The best defence is inside your head

Online defences are easier to use than ever thanks to concerted efforts by the cyber security industry over the last decade. But they are still more stick-and-clutch than driverless car.

Ultimately, you are your best defence.

As the driver, you need to look out for threats on the road. This requires a mindset that is likely much more skeptical than what you employ in the physical world.

This mindset requires distrusting the unexpected, regardless of its source. Consider phishing messages – these can bear few hallmarks of a scam, and almost perfectly replicate trusted brands and organisations.

They can be fluent and free of typos and appear to come from organisations you know, use, and trust. They may even start as a benign conversation (such as romance scams) in a bid to build rapport with victims.

Your best defence here is to adopt the skeptical mindset and worry less about the classic hallmarks of a scam.

This means ensuring messages with links, attachments, bank accounts, and phone numbers are expected before using them, and verifying those that are not using official websites or trusted search engines such a Google or Bing.

This advice seems unwieldy because it is. There is no glossing over this fact. But it is the best way to defend yourself against continually evolving online threats.

And with it you will build experience and cyber security savvy – something our kids seem to already have in spades.

Tags: cyber safety,

‘You got me’: Woman busts romance scammer after six month stint

Cyber Security Consumer advice

Posted on May 25, 2018

6 min read

It took six months for Kathryn to fall in love with Michael, but only minutes to reveal him as a romance scammer.

Accusing Michael of being a scammer was an unusual act of assertiveness for the reserved 55-year-old healthcare worker from the NSW Central Coast.

It was an unlikely act too; Kathryn (not her real name) had every reason to believe Michael was the caring, genteel man he presented as. They spoke regularly over the phone and, from his would-be London apartment, Michael arranged gifts of flowers, chocolates, and movie tickets.

Kathryn, divorced from a decades-long marriage and facing an intimidating and foreign dating scene, thought she had found in him a diamond in the rough. He was worth the long-distance relationship.

Through friends, she tells us how her relationship with Michael, which began on a dating site in late 2016, before quickly switching to email and social media, became possessive in its latter weeks. Facebook messages appeared more regularly in a tone that, with the benefit of hindsight, seemed more demanding: “what are you doing online”, “who have you been speaking to” they asked.

Michael was set to travel to Australia mid last year. They were both excited. Days before he was set to fly, he sent an exasperated message claiming he bought the wrong non-refundable plane ticket and that his passport was cancelled for elaborate reasons. He needed $7,450 to cover fares and fines.

Kathryn’s online sleuthing about his predicament gave her pause to reflect on his frantic request for money, and his escalated messages.

He called again, and she answered. “I think you’re a scammer,” she told him. A beat, then, a laugh. “Yeah, you got me,” he said. “But you know what? I’ve got 12 of you on the go.”

High-pressure sales

It’s impossible to know how Michael operated. He may have been a lone wolf. Or he may have worked in a call centre alongside other scammers.

“I’m convinced [romance scamming] is their day job,” says Sean Lyons, director of technology and partnerships at Netsafe, an online safety non-profit based in Auckland, New Zealand.

Lyons has not seen evidence of romance scammers operating in coordinated international networks, but says he sees indications – business hour operations and consistent messaging structures for example – that some scammers work in call-centre style environments.

“There may be much larger operations where you have [scammers] working in shifts and handing off to each other,” he says. “They may have CRM (customer relationship management) systems and work an account (a victim) in the same way that staff in high-pressure sales do.”

In such an environment, text messages to victims could be written by any scammer while voice calls would be made by a consistent perpetrator.

There is further evidence of romance scammers coordinating their operations. FBI Special Agent, Christine Beining, said in February last year that romance scammers typically work together sharing intelligence on vulnerable victims.

“From what we can tell, these are usually criminal organisations that work together,” Beining says.

“And once a victim becomes a victim, in that they send money, they will oftentimes be placed on what’s called a ‘sucker list’ [where] their names and identities are shared with other criminals [for] future recruitment.”

Lyons agrees that romance scammers are likely to organise. At present, evidence from Netsafe’s now shelved Re:scam artificial intelligence-like chat bot – which sent more than a million email replies to scammers in a bid to waste their time and energy – indicates a scattergun mass-email approach to targeting victims.

Reach out

Victims of romance scams are not stupid or gullible. They can be anyone.

Romance scams are deliberately ‘hyper-personal’, meaning they are of an overly intense nature that is designed to capture and isolate victims.

University of Warwick professor, Monica Whitty, in a paper published in February this year revealed victims are typically “middle-aged, well-educated women” who “tend to be more impulsive, less kind, more trustworthy, and have an addictive disposition”. Whitty’s work is designed to assist in the development of scam preventive and awareness programs.

Defence against romance scammers is tough for those involved in online dating. The Federal Government’s Scamwatch site has good advice which centres on not sending money to partners and provides clues to help spot fake social media profiles.

More broadly, experts agree that those in online relationships should keep trusted friends abreast of significant events including any plans to travel or requests for monetary loans.

“Talk to someone not connected to the romance before a major event,” Lyons says.

“A dog dying in surgery, a passport not coming through, or bribes to corrupt regimes; talk to someone who isn’t in love with the person before you put pen to paper on that Western Union slip.”

As a last resort, Lyons says, those intent on wiring money to their love interest should stick to official and local credit card networks which can offer traceability that Western Union and other non-conventional payment providers cannot.

Academics have examined other hallmarks of romance scammers. They reveal psychological manipulation as a universal tool in romance scams which includes techniques akin to domestic violence.

Queensland University of Technology academics, Cassandra Cross, Molly Dragiewicz, and Kelly Richards, describe the four signs of this manipulation including isolation, monopolisation, degradation, and withdrawal.

If this story has raised any issues for you and you’d like to speak to someone, call Lifeline on 13 11 14 or Beyond Blue on 1300 224 636.

Businesses held to online ransom

Cyber Security Business tips

Posted on May 24, 2018

5 min read

Ransomware last year brought to a halt a chocolate factory, a metropolitan council, and an accountancy firm among scores of other Australian organisations by turning mission-critical data into an unreadable mess. But much of the impact from the events could have been reduced with a well-oiled business continuity plan.

Ransomware is a class of malicious software that encrypts data so it cannot be read or used by applications. Its perpetrators often promise to supply a decryption key to return the data to a normal state only after a ransom is paid.

The number of organisations impacted by ransomware is unknown since victims are often unwilling to report incidents to authorities, however, security companies claim in surveys that almost half of Australian businesses have been impacted by ransomware.

Some businesses are hit multiple times; Exchange knows of one accountancy firm that was hit three times by ransomware losing data each time, despite having attempted to recover and mitigate after each attack.

The financial impact to businesses can run into millions of dollars per incident with much cost ascribed to downtime and recovery efforts. Ransom demands by those behind the most effective ransomware forms is regularly tens of thousands of dollars.

Risky click and a mean trick

Ransomware is delivered through a wide variety of mechanisms. The most common forms of ransomware such as Cryptolocker may be sent by criminals in phishing emails, or woven into booby-trapped downloads or websites which then infect the computers they are exposed to.

Other ransomware forms such as the global cyber attacks known as Wannacry and NotPetya spread without the need for people to open email attachments or dodgy downloads. They did this by targeting vulnerable functions of computers and networks that were left turned on, loosely akin to thieves slipping through open doors.

Much of the defence against ransomware comes down to good security practice. This includes not running software from untrusted sources like unofficial websites and unknown email or chat conversations, and in ensuring systems are set to automatically apply updates (patches) when they are available.

Security vendors including ESET have created jargon-free guides for technical defences against ransomware which recommend patching, disabling a function called RDP, and filtering executables in emails.

However, business continuity plans are some of the more overlooked yet simplest controls that can help mitigate the large cost of business downtime from ransomware infections.

Lights on

Ransomware can and has stopped global shipping supplies. It has thrown hospital emergency rooms into chaos, brought down the biggest Hollywood movie studios, and forced countless businesses back to pen and paper.

“Business continuity planning might not save you from ransomware but it may save your reputation or your share price,” says Mark Cohen, a Melbourne-based business continuity manager at Telstra. “It will show you can operate in a crisis.”

Cohen says business continuity planning applies to all organisations, from the “fish and chips shop to a doctor’s surgery to enterprises” and helps in a large number of disasters, beyond ransomware.

To avoid disaster in ransomware incidents, all businesses must back up their critical data on a regular basis on different mediums following the 3-2-1 rule. This means the original copy should be backed up on two different mediums, say a cloud service and a disk drive, with the disk drive stored in a physically separated location. Cloud services and any drive connected to business computers via cables or WiFi can be affected in ransomware attacks.

“With back-ups in place, the mindset of how to operate when tech systems go dark and data is inaccessible is key”, Cohen says. Business owners and staff should think about where their critical data is, and whether it is readily and immediately available offline in the form of offline and isolated storage like USB sticks and external disk drives, or on paper documents.

“Ask yourself what are you going to do in a disaster to continue to provide service to your customers?” Cohen says.

Restoring from back-ups can take a long time. And, while some major ransomware forms are as-yet impossible to unravel and are sent by attackers who honour ransoms with decryption keys, other forms are poorly-built and can never be decrypted.

It is the expensive downtime between the restoration of back-ups or the wait for decryption keys that Cohen’s planning hopes to reduce.

“[Recovering from] ransomware is more than just file retrieval – it’s about what you are doing when that is happening and how you are addressing your customers,” Cohen says.

“Plans must be tested too. The first test run is the most arduous with each iteration becoming easier with small tweaks added to the central plans,” Cohen says. “It is there that you discover your recovery time capability (RTC).

“Business continuity planning clauses are written into major contracts so having one, practicing it, and demonstrating its effectiveness will help you win and retain business – along with helping you, your manager, and your shareholders sleep well at night.”