
Tag: scams

How to patch a human: our cyber security influence explained

Cyber Security Business tips

Posted on March 22, 2019

1 min read

Cyber security preparedness is built on three pillars: people, processes, and technology. While technology is a critical element of an effective cyber security program, alone it is not enough to protect against modern cyber threats.

It’s not only hackers, corporate spies, or disaffected staff who present a threat to organisations; in most cases, breaches are the unintended consequences of mistakes made by non-malicious, uninformed employees.

The Office of the Australian Information Commissioner’s reports for 1 July to 30 September 2018 and 1 October to 31 December 2018 listed human error as a major source (37 and 33 percent respectively) of reported breaches.

While the largest source of reported breaches (57 and 64 percent) was attributed to “malicious or criminal attack”, a significant proportion of these exploited vulnerabilities involving a human factor, such as tricking employees into clicking on a phishing email or disclosing their passwords.

These figures illustrate the fundamental role security awareness can play in an organisation’s cyber security defences, and how a strong security culture can act as a ‘force multiplier’.

The True Story of a killer identity thief

Cyber Security Consumer advice

Posted on November 28, 2018

5 min read

Mexico fell for Michael Finkel. The charismatic New York Times journalist, now raconteur, was on assignment covering Mayan mysticism in 2001. He held easy court with tourists and locals; Finkel’s pursuit of the dangerous and different had thrust him on the trail of black-market organ traders, reporting the tragedies of the Gaza Strip’s dying child soldiers, and travelling in the leaky hull of a Haitian boat that almost killed him and 40 refugees.

Janina Franke, an amateur photographer, fell hardest for Finkel. After a chance meeting they travelled south where she would score a massive career break snapping photos of Mayan ruins for Finkel’s piece in the Times.


Michael Finkel at the IAPP conference. Image: Darren Pauli, Telstra Exchange

Franke made it to the Mayan port city of Tulum, 130 kilometres south of Cancun, but she never got her break. She watched as Finkel, real name Christian Longo, was pulled out of a cabana by a swarm of armed police bearing a US federal arrest warrant.

Longo had co-opted the identity of the real Michael Finkel, having fled Portland, Oregon, where he was wanted for the gruesome murder of his wife and three children.

“He (Longo) chatted with tourists in Mexico about stories he said he had written, quoted from them,” the real Finkel told us while in Melbourne for the IAPP privacy conference. “They all unquestionably believed he was Michael Finkel from the New York Times.”

According to those he charmed, Longo was polite and intelligent, “totally cool”, with a good sense of humour. He scrawled notes, memorised articles, and gave budding writers a fake Times email address to make his possession of Finkel’s character total.

Finkel heard of Longo’s exploits from a local journalist and soon arranged to meet the murderer, then and now incarcerated on death row in Oregon State Penitentiary (there is a moratorium on executions in that state).

He did not, as some identity theft victims do, feel assaulted by Longo’s co-opting of his identity. Longo did not steal Finkel’s passport, drain his bank account, or hack his social media. He just studied the journalist to a level of intimacy that he could become him. The co-opting of identity made the journalist curious.

Longo first wanted to prove Finkel was the real Finkel. In a twist of irony, the journalist struggled to answer Longo’s 13-question identity quiz that drew on minutiae contained in Finkel’s stories filed over years. “It was this existential conundrum,” Finkel says.

Identity crisis

Longo, now 43, always wanted to be a globe-trotting journalist writing stories on the weird and wonderful. In short, he always wanted to be Finkel. Instead he married at 19 years old, had three children, and over years turned a failing business into a web of deceit that would ultimately drown his family in debt.

His hijacking of Finkel’s identity at a time when Finkel was out of a job quickly drew the writer to Oregon State Penitentiary’s visitor’s centre.

Finkel says he would not ordinarily be drawn to speak to a murderer. He pursues curiosity and complexity, not distasteful and often unidimensional killers.

But it was the duplicitous character of Longo – a Proteus who in one instance was a witty and highly intelligent (his IQ was measured at 130) man and in another a mendacious murderer – that appears to have kept Finkel glued to what became an intensely personal story spanning years.

“If Christian Longo was sitting right here, he’d be funny, he’d be witty,” Finkel says. “You would have no idea he did something so unimaginable.”

Finkel tells the story in the nonfiction book True Story, also a major film adaptation of the same name. He tells how he scrutinised Longo’s initial claims of innocence, witnessed how the murderer dissociated himself from his fellow death row prisoners, many of whom were also murderers, telling Finkel in a letter that he was “surrounded by so much degeneracy and perversion”, and watched and even assisted Longo’s attempts at redemption.

His latter act of redemption was a push to allow prisoners to donate their organs during their incarceration and at their point of execution. Reforms did eventuate that allowed prisoners to donate.

Finkel, himself now a father, has cut ties with Longo, and is pursuing his next story: a master art thief who stole a billion euros worth of art.

“I’m genuinely interested in these people,” he says. “More than, say, CEOs and popstars.”

Beat scammers, score deals, this Black Friday

Cyber Security Consumer advice

Posted on November 23, 2018

3 min read

Black Friday, the US$5 billion mega sales event infamous for its crowd-crushing stampedes and squabbles, lands today. And scammers are ready.

The post-Thanksgiving sales day has remained the busiest on the American calendar since 2003 when it overtook the weekends leading to Christmas.

While a chiefly American affair, Black Friday and its sister Cyber Monday have seeped into the Australian retail sector with many major retail outlets lining up cut-rate deals.

The sales bonanza makes it as much a magnet for scammers as for the consumers they target.

Fake discount offers and dodgy pop-up web stores are the threats consumers are most likely to encounter, experts say.

Veterans in the anti-phishing and scam sectors in Australia tell us scam stores spun up by criminals on Facebook are the biggest of these threats to shoppers.

These stores, which Facebook actively combats, are often created and advertised on the social network as a place to buy brand name goods like clothing and jewelry.

Operators close the stores after orders have been placed and paid, running off with the proceeds and leaving consumers empty-handed.

Threats arrive in inboxes too. Fake discount vouchers and false offers of cut-rate goods are the most common here around Black Friday, also appearing as SMS, spurious websites and online advertisements, and in various instant messaging apps.

Phishing emails and messages, however, are unlikely to increase over this fourth quarter, contrary to long-standing suggestions by many cyber security companies.

Analysis of quarterly reports dating to 2013 from the independent Anti Phishing Working Group reveals no consistent increases in the number of phishing domains, emails, or targeted brands over the November-December period.

Any increase over quarter three of a given year is offset or exceeded by falls in the ensuing fourth quarter. There is no consistent bump in the number of phishing sites or emails seen by the Group or reported to it by organisations and members of the public.

Veteran security experts in the space also agree phishing does not increase in the lead up to the festive break.

While an informed mind can avoid many sales scams, much of the fraud set to occur in the coming weeks will stem from attacks which shoppers can do little to prevent.

Online stores compromised by hackers lead to some of the biggest losses of credit cards. Criminals silently break into these stores and siphon and store card details as they are processed through checkouts.

Many cards are then sold in batches on illegal marketplaces and forums.

These attacks are often due to stores’ outdated content systems and payment checkouts, or to a myriad of common security flaws for which fixes have been known for decades.

Shoppers may be able to claim reimbursement for fraudulent purchases if they use a credit card or service such as PayPal.

Tips for staying safe online

Cyber Security Consumer advice

Posted on November 19, 2018

2 min read

We are constantly looking for ways to help our customers spot scammers and fraudulent activity in an increasingly connected world, where the rapid uptake of new technologies and increased connectivity provides many advantages, but also new avenues for crime and fraud.

Scammers can use multiple ways to get information from us. Deception is one way, where they try to trick or influence people into divulging confidential or personal information that then may be used fraudulently. This is called ‘social engineering’ and the scammers can get this information through phishing emails and scam calls. This information could then be sold online or used to facilitate criminal activity like identity theft or to access your bank accounts.

Often personal information is also found on the internet through social media accounts and can be used without an individual’s awareness. We encourage everyone to review the security settings on their social media accounts, check that personal data is not publicly available and implement ‘two factor authentication’. This is an extra layer of security provided by social media companies that requires not only a username and password but also, in some cases, a security code sent to you by email or text message.

Call scams by any name you want, but at the end of the day, they are designed to steal, to trick you into surrendering your personal details, to take control of your computer or to launch malicious software (malware) which could steal your sensitive information.

We have some blogs that you can read that provide some handy tips:

Other online assistance can be found at:

Tags: fraud, scams

Tips to help spot a scam email

Cyber Security Consumer advice

Posted on June 15, 2018

5 min read

Email is a great tool. It’s quick, available 24/7 and can be accessed from almost anywhere. However, those same conveniences are also afforded to scammers, who regularly use email to target their victims. Scammers also typically impersonate well-known companies – including Telstra – to make their scam emails more convincing.

What are scam emails?

Scam emails generally fall into two categories:

  1. Those that ask you to provide personal or sensitive information (phishing), or
  2. Those that include attachments or links intended to install malicious software (malware) on your device.

Ultimately, scams come in all shapes and sizes – some ask for personal or financial information, and some come with hidden nasties like malware. Regardless of what category they fall into, they’ll often impersonate legitimate company communications – like Telstra bills or correspondence – in an attempt to make them more convincing and trick the reader into providing the information, opening the attachment, or clicking the link.

What should I look out for?

It’s important to note that while these kinds of scams have evolved over time, the tips on how to protect yourself remain the same.

  • Listen to your gut. If you encounter something unsolicited, unexpected, too good to be true, or coercive, or anything that asks for personal or financial information, double and then triple check it by asking others, calling up the organisation on its official number or searching online for any background information on the sender or offer.
  • Beware of unsolicited requests for sensitive information – don’t open attachments or click on embedded links in emails or sites you don’t know or trust.
  • Pay close attention to the sender’s email address and any links in emails for anything that doesn’t look legitimate.
  • Never respond to a request for personal or financial information in an unexpected email.
  • Make sure you always apply the latest updates to all your devices and software.
  • If a phishing email contains information like an account number, cross check that the details correspond with the details on a previous official email.
  • Be suspicious of unaddressed or generically addressed emails, such as “Dear Customer”.
  • Beware of emails that include a zip file, an .exe or other suspicious attachment.

What should I do if I think I’ve received a scam email?

If you think you’ve received a scam email, here’s what to do next.

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
  • If you get a suspicious email, don’t reply to the email or open attachments or links.
  • If you do click on a link in an email and are directed to a website, do not enter any personal or financial information onto the site.
  • If you’ve received a scam email that looks like it’s from Telstra, tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
  • If you do open an attachment or click on a link, make sure that your computer’s operating system and anti-virus software are up to date. Consider running an anti-virus scan of your computer.

What should I do if I think I’ve been a victim of a scam?

If you believe you have become a victim of a scam, there are a few tips we recommend to help you get things back under your control:

  • Stay calm. As frustrating as it is to learn that you may be at risk, keeping focussed and calm will help you manage your response properly.
  • Think carefully about what information, or access, you may have provided to criminals. Take an inventory and write down what you remember sharing or entering into any fraudulent web sites.
  • If you provided banking or other financial details such as a credit card number, contact your financial institution immediately. Be sure to monitor your accounts closely in the future as well.
  • If you provided any usernames or passwords, immediately change your passwords to a new and secure version.
  • If you’ve shared other personally sensitive information, such as your driver’s license number, Medicare, passport or contact details (such as your phone number or address), then you may want to visit IDCare at https://www.idcare.org – they can help you formulate a response plan to address potential identity theft.
  • Consider filing a report to the Australian Cybercrime Online Reporting Network (ACORN). This will help law enforcement become better resourced to provide assistance to victims.

Stay Safer Online

If you think you have been compromised by malicious software, spyware or a virus, our Telstra Platinum team can provide advice. And they can help you detect, remove, and protect your devices with Telstra protection services or by configuring what you already have. Call 13 75 87 or for more information visit telstra.com/platinum.