Search Results

Share Article:

Facebook Twitter Linkedin Mail

Tag: cyber-safety

Have you had an unexpected missed call recently?

How to

Posted on February 12, 2018

2 min read

Have you received a missed call from Cuba, Ascension Island, Cameroon, Slovenia or another international destination?

Many of our customers are reporting an increase in missed calls from international destinations on their home and mobile phones. No message is left by the caller, and in some cases several calls are received over a short period of time.

What’s going on you ask? Well, it’s a scam – one designed to tempt you into calling back. I’ve even received several of these calls myself.

Whatever you do, please do not call the number back.


This is a modern variation on a scam that has been around for many years. Scam callers set up international numbers and target a large number of telephone numbers (mobile and fixed) across a multitude of countries, including Australia.

These calls may arrive at any time and in some cases, multiple times to make you feel as though the calls are intentional and therefore enticing you to call back. The call then may be connected to a premium number, where the caller is put on hold after connecting, resulting in a large bill.

Our advice is:

  • Don’t call back any missed calls to numbers you don’t recognise (particularly international numbers)
  • Block unwanted numbers – this can be done via your mobile handset
  • If you have children with mobiles, you may want to check whether they have International access, and if so request through your service provider that this is barred.
  • If you have elderly relatives or friends let them know about the scam so they do not return the call

We need to keep our eyes and ears open as there is not much we can do about these callers. It is an industry-wide issue affecting all carriers and countries.

If you have been caught out, and ended up with a large bill – please give us a call to discuss.

And remember – don’t return calls to international destinations you don’t recognise!

This year, Safer Internet Day is all about R.E.S.P.E.C.T

Telstra Foundation

Posted on February 6, 2018

1 min read

Happy Safer Internet Day! This is a day where hundreds of organisations, including Telstra, from 130 countries band together to help raise awareness about how we can make the online world a safer place. That’s a lot of people power.

This year’s theme is about showing respect for others online, and we thought we’d get up close and personal – because when it comes down to it, online respect starts with all of us.

Safer Internet Day is a great reminder to reflect on our own online behaviours – when we email, text, post on our social feeds, like, upload and download. We’ve pulled together five questions – with no judgement, but just a little bit of self-reflection. How many can you say yes to?

Password changes a must after world’s largest hacked credential drop

Cyber Security

Posted on December 14, 2017

2 min read

We are recommending that people change their online account passwords after a database of 1.4 billion cleartext (unencrypted) credentials leaked into the public internet. The database has been compiled using data obtained from over 250 high profile global security breaches of private domains (none of which are associated with our network, assets or services).

The leak, the largest in history, offers criminals a clean human-readable list of email addresses and passwords which could be used to gain unauthorised access to a large number of accounts automatically and at breakneck speed.

Its clean formatting structure, in which credentials are presented as ‘email: password’ and nested in a highly organised fashion, means it stands apart from other breach listings which are typically jumbled and difficult for criminals to make easy use of.

Email accounts listed in the database are most at risk of compromise, however, criminals can and do test those credentials against a variety of popular websites in the event that individuals caught up in this breach have reused their password.

An easy way to maintain unique and complex passwords across your accounts is via the use of a password management tool, allowing you to make password management set-and-forget.

LastPass is one of a handful of offerings and is a free-of-charge application that works on web browsers, iOS, and Android, allowing you to set unique and highly complex passwords while needing to remember only one ‘master password’.

We also advise that you do not register for personal online accounts using your work email address. This is because criminals will likely attempt to use your work email address and exposed password to break into your work accounts.

An example could be that a customer has used their work email, allanc@businessname.com.au, to sign up to an online florist using the same password. If that florist was breached, criminals could deduce from the email address the customer’s place of work and then use the email address and exposed password to log into that business.

Tags: cyber safety,

You are your best defence as SMS malware Marchers on

Tech and Innovation Cyber Security

Posted on December 11, 2017

2 min read

Criminals have applied a fresh coat of paint to an old but dangerous Android malware campaign targeting consumers in countries including Australia over SMS.

The Marcher malware first appeared in 2013 targeting Russian users. Since then it has matured and now targets victims in multiple countries, including Australia.

Marcher is sent through messages that make various claims including masquerading as Telstra, a major Australian bank, or an energy company. These ruses are whatever the criminals think may work.

We have seen since November malicious SMS messages from Marcher asking recipients to install applications after they browse to a malicious site. The website will attempt to download an application installation file (.apk) containing Marcher if it determines the victim is operating an Android device.

Apple iPhone users are not exposed.

One type of Marcher installation instructions as part of a cyber security breach
One type of Marcher installation instructions. Credit: zscaler

Modern Android phones will protect victims by throwing up warning messages which victims must approve for the malware to be installed.

Marcher, if granted the approvals it requests such as installation from unknown sources, can replace online banking forms to steal any information the victim is tricked into entering. Using this and many other advanced techniques, it can steal large amounts of money from victim bank accounts.

You can protect yourself against Marcher, and large swathes of other malware forms like it, by adopting a security mindset.

Here are some tips from Telstra security experts for you to consider. Apply these on all devices you use, for email, SMS, and any other digital communication medium you use.

Regarding protections and best practices:

  • Never click on links sent to you in unexpected SMS or MMS messages;
  • If you do inadvertently click, never install any software that you may be prompted to install;
  • Ensure your mobile device is fully updated to the latest version of its operating system;
  • For Android, do not enable the ability to install software from third party or unknown sources (Settings -> Security)

Generic remediation instructions:

Mitigation and remediation options Resources
Remove malware application IOS

Android

 

Factory reset

(this will wipe local phone data)

IOS

Android

 

Tags: cyber safety,

Peak season shopping, peak cyber security measures

Tech and Innovation Cyber Security

Posted on December 11, 2017

4 min read

Black Friday, Cyber Monday, the last leg to Christmas. Tis the season for online shopping, and a time for retailers to be excited about.

In 2016, almost $5 billion dollars was ready to be spent by Australians in the 30 days to Christmas, according to the Retail Council. Online shopping peaked in the first week of December, and it is likely this will occur again. While shoppers are busy trawling stores on the Internet, cyber criminals are also on the hunt for a good bargain. 

And as cyber criminals set their sights on data theft, we are seeing a number of cyber breaches targeting retailers globally. International brand Forever 21 reported a data breach in November 2017, and Target in the US paid $25 million to the US government in May 2017 following a multistate data breach, where hackers accessed 40 million credit and debit card details held by the retailer. On home soil, the Office of the Australian Information Commissioner (OAIC) will require all retailers with a turnover of more than $3 million dollars to report a cyber-attack; potentially alert all affected personnel and make a public apology starting early 2018.

Retailers will always remain on the hit list for cyber-attacks as a host of personal and financial information are retained as part of business operations. During this key business period, a ransomware or a Distributed Denial of Service (DDoS) attack are both likely to occur, with the potential to cripple businesses and successfully commit a data breach. While stressing over inventory, shipping times, and managing increased traffic loads on website are important, ensuring a robust cyber security plan is equally crucial to prevent potential downtime, loss of business and most importantly, maintaining the trust of customers.

There are certain simple measures businesses can take to protect itself. First on the list, ensure employees remain vigilant. People are often the weakest link in cyber security, with phishing campaigns the most popular method to deliver malware. Our Telstra Cyber Security Report 2017 revealed that approximately one-third of both Asian and Australian businesses experienced a phishing email incident which impacted their business monthly in 2016. Phishing emails are often disguised as delivery, invoice or utility notices, and when an end-user opens an attachment, it delivers malware to the end user’s device. Education and awareness are key to protecting your business from falling prey to attacks.

Consider the Telstra five knows of cybersecurity, and see how we’ve matched this back to your online shopping business:  

  1. Know the value of your data: Personal and financial information are prized by hackers; but do you really need to retain and store all information? Consider what is essential, and trim down on saving unnecessary data to minimise risks.
  2. Know who has access to your data: Your employees are an obvious group, but what about your trusted suppliers and vendors? Map out all possibilities and keep a list. 
  3. Know where your data is: Your data might be hosted in the cloud, but it can also be stored on Point of Sale (PoS) system in your physical store.
  4. Know who is protecting your data: This is mainly operational – who is keeping watch on your behalf, how can you reach them and what cybersecurity processes are in place?
  5. Know how well your data is protected: Ensuring SSL encryption for online payments, or imposing a more complex password option are ways you can help protect your information, and that of your customers.

Beyond the ‘five knows’, opt for different cyber security services to leave your businesses security in the hands of trusted advisors. Consider a Denial of Service Protection (DoSP), which monitors your web traffic and filters only legitimate customers to access your site. Or look at a managed cloud content security system, which detects vulnerabilities and defend your business from web threats. With the right measures in place, you can safely bring festive cheer to everyone looking for that perfect gift.

Tags: cyber safety,