Category Archives for Scams

Cyber Threats – What are the common threat types?

The cyber threat to Australian individuals and organisations is undeniable, unrelenting and continues to grow.

You could be a target even if you don’t think the information held on your networks is valuable, or that your business would be of interest to cyber adversaries.

Many organisations are at risk purely because they are vulnerable through unpatched software or unaware staff members.

Common threats impacting Australians include

Malware

Malware is software that cyber criminals use to harm your computer system or network. Cyber criminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.

Ransomware

Ransomware is a type of malware that denies access to files or computer systems until a ransom is paid.

Distributed denial of service

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic.

Unauthorised cryptomining

Cryptocurrency mining (cryptomining) software uses a system’s processing power to solve complex mathematical problems, in return for a type of digital currency.

Unauthorised cryptocurrency mining (also known as cryptojacking) is where a website or software on your computer does this cryptocurrency mining without your authorisation. It is now the most popular cyber attack method.

Malicious insiders

Malicious insiders are people such as employees, former employees, contractors or business associates who have inside information on your computer system, data or security, and access it for their own purposes.

Identity theft

Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits.

Phishing

Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia.

Email scams

Criminals use email to manipulate or trick you into unintentionally sharing personal information, financial details, or money.

Phone call scams

There are many ways scammers try to get your information or money over the phone. They will usually pretend to be from a well-known organisation, such as a government agency, a utilities provider, Australia Post, a bank or the police. They can be incredibly convincing.

Dating and romance scams

Scammers often approach their victims on legitimate dating websites before attempting to move the ‘relationship’ away from the safeguards that these sites put in place, for example, by communicating through other methods such as email, where they can more easily manipulate victims.

Secondary Targeting

Secondary targeting is where cyber adversaries try to gain access to networks of companies that provide products or services (e.g. through outsourcing arrangements) as a means to get to their higher value customers.

Prevention

Prevention is far better than cure. Ensuring your network is configured in line with the Australian Government’s “Essential 8” recommendations is the bare minimum required.

Utilising an external IT support company that specialises in cyber security is also a good idea. Domain Digital not only specialises in preventative measures and ongoing, proactive day-to-day support of your system, we also have a cyber security education and training platform that can help you and your staff avoid ever being “caught out”. Simply visit www.domaindigital.com.au or call (08) 9441 6300 to find out more.

Business email compromise – a fast growing scam, how not to be a victim.

Cyber.gov.au recently advised that the Melbourne Joint Cyber Security Centre (JCSC) hosted a two-hour seminar yesterday on Business Email Compromises (BECs), which many cyber security experts consider to be the major current cybercrime threat to business.

The seminar provided information to small and medium business representatives, as these sectors are particularly targeted by cybercriminals who are perpetrating BECs.

The JCSC worked with Small Business Victoria, the Victorian Small Business Commissioner and the ACCC’s Consumer and Small Business Strategies Branch, to invite key Victorian business stakeholders to yesterday’s event.

Around 90 representatives attended the session in Melbourne, with the event video-conferenced across the country including to regional Victoria and Hobart.

The session was presented by a panel of five industry and government cyber security experts including Alex Tilley, e-Crime Lead for the Counter Threat Unit at Secureworks.

‘When you realise 41% of Australian businesses have no cyber security governance, it isn’t surprising they’re being targeted so specifically by cybercriminals. Australian businesses need to act fast and take their cyber security as seriously as other commercial risks,’ Mr Tilley said.

The experts provided a comprehensive examination of what BECs are, why they are so harmful, who are perpetrating BECs, how they are evolving, how government helps businesses, and the actions businesses can take to prevent themselves from becoming victim.

What is Business Email Compromise?

Business Email Compromise (BEC) is an online scam where a cybercriminal impersonates another business representative to trick an employee, customer or vendor into transferring money or sensitive information to the scammer.

Because these scams don’t often use malicious links or attachments, they can get past anti-virus programs and spam filters. These emails can include invoices or fines that may include threats to cancel your service or charge an excessive penalty if you don’t pay immediately.

This type of attack, due to the low implementation cost and high returns, is quickly becoming one of the fastest growing online business scams.

In Australia business email compromise has resulted in more than $20 million in associated losses across 2016-17.

Criminals are constantly developing increasingly sophisticated BEC techniques that often include a combination of social engineering, email phishing, email spoofing and malware.

What we’re seeing

The ACSC is responsible for building cyber resilience across the whole of the economy by supporting governments, large corporate and small and medium business, academia, the not-for-profit sector and the Australian community.

Over the past three months the Centre’s global monitoring team has been on hand to assist business owners who have been impacted.

The team has received dozens of BEC incidents, requests or notifications from individuals and affected organisations in the private, academic, government and critical infrastructure sectors.

A large portion of the enquiries came from the construction industry, in part due to the high percentage of transactions between builders and their suppliers.

One instance included the owner of a small cabinet-making business who received and paid an invoice for $40,000 from a local supplier whose email had been compromised. The phishing email used their supplier’s logos and branding to appear legitimate to the business owner, deceiving him into paying the full amount.

In another phone call a small construction supply company reported that one of their large construction clients received an email purporting to be from them, seeking to change their bank account details. The email had an invoice and email signature block that looked legitimate. Because the construction client confirmed the request with their supplier, no funds were lost.

The ACSC also noticed spikes in BEC attacks around tax time, most likely in an attempt to catch businesses off-guard during a busy point of the financial year.

How to protect and recover from a Business Email Compromise

The ACSC has developed comprehensive guidance to help organisations protect themselves from business email compromises.

Educating your staff, establishing a consistent business process for validating payment and information requests and protecting your network is vital to ensuring limited exposure to these types of scams.

Remember, if something doesn’t feel right, it probably isn’t. Encourage your staff to trust their instincts and check anything suspicious via a phone call or face-to-face. Organisations like Domain Digital have specific security training platforms that can not only test your staff to see if you have potential vulnerabilities, but then offer a training and education platform to ensure you’re as secure as possible.

For more information

Talk to us, we can advise and educate you and by taking a few simple steps to lock down your online security, together we can reverse the threat of cybercrime. Simply visit www.domaindigital.com.au or call (08) 6441 6300.

For more news and information relating to online threats and mitigation, visit Cyber.gov.au.

China’s Cyber Spying on Australian Businesses – Some MSPs Compromised

Australia is among a group of Western nations condemning China over a cyber spying campaign by two Chinese nationals, who it is claimed were acting on behalf of the Chinese Ministry of State Security.

The FBI has accused China of trying to replace the United States as the world’s dominant superpower through this cyber theft, which targeted 12 countries as well as the space agency NASA. The Australian Government was also quick to condemn China, with National Cyber Security Adviser Alistair MacGibbon stating the syndicate had been targeting IT companies that provide services to medium and large businesses. He went on to state that some MSPs had been compromised in Australia. Read more here: https://www.abc.net.au/news/2018-12-21/australia-joins-condemnation-of-chinese-espionage/10645414.

Domain Digital is proud of our record of never having been compromised ourselves, and working diligently to be a leader in the industry when it comes to Cyber Security. To learn more about cyber security you may also want to read https://www.domaindigital.com.au/cyber-security/

All of the Domain Digital clients who have been aligned with our “5 Pillars of IT Success” model have also never been compromised. We’re working 24-7 to ensure your business is safe and secure. To find out how we can ensure your business doesn’t fall victim to this, or any other cyber security threat, contact us now 

The Dark Web, Hackers – What Perth Business Owners Need to Know

Criminals love stealing credentials, and too many people are handing them the keys to the kingdom. A recent study by Verizon showed that 91% of phishing attacks targeted the user’s credentials. Why? Because stealing your username and password is the easiest way to break into your business data, your bank account and more.

We, as everyday people, make it even easier when we choose weak passwords or reuse the same passwords in multiple places. In fact, the study reported that 63% of confirmed data breaches involved weak, stolen or default passwords.

YOUR PASSWORDS ARE A PROBLEM

You’ve probably been told a hundred times to use a secure password. Many services even require long passwords or passwords with special characters. Many people are still ignoring the advice. As of 2016, 123456 was still the most common password. Other laughably crackable passwords on the list include qwerty, 111111 and, of course, password.

Another common method for choosing passwords is to use pet names, birthdays, favourite sports teams, etc. Nowadays, Facebook probably knows more about you than some of your family members. It’s not hard for a hacker to use Facebook to find out your favourite band and your mother’s maiden name.

Even with a strong password, you’re probably guilty of another password crime: recycling. 83% of Australians admit to using the same password for multiple online accounts. Once a criminal gets their hands on your credentials for one account, they’ll certainly try it on any of your other accounts they can find.

This is a big danger for businesses. Imagine if an employee’s personal credentials get hacked, but they’re using the same password for their work email. Suddenly, the hacker has a backdoor into your business. Once inside, they can sneak malware onto your network or try to penetrate deeper to get at your financial or employee records.

Reusing the same password for multiple accounts is like having the same key for your business, your house, your car and your bank account. Risky. Even worse, if it’s a weak password, it’s like making the key neon green and hiding it under your front doormat. No one would ever look there, right?

YOU’RE IN THE DARK!

One big problem with stolen credentials is that many businesses don’t know when they’re stolen. According to the Verizon study, 93% of attacks took only minutes, but the organisation took weeks or more to discover the breach.

In that time, your stolen data can travel extremely far on what’s called the “dark web.” The dark web is a part of the Internet that can only be accessed with special browsers and direct links, making users untraceable. Criminals and hackers exploit this anonymity to buy and sell thousands of stolen credentials every day.

In an experiment by cloud security company Bitglass, researchers tested how stolen data spreads on the dark web. They created a fake Google Drive account with fake financial data and other personal data. Then they leaked the Google Drive credentials and watched how hackers reacted.

The data immediately generated over 1,400 hits and 94% of the hackers also found the victim’s other accounts, including the fake bank account. It’s a powerful reminder of how fast information can spread online and of the danger of reusing passwords.

Find out if your passwords are protected

Again, most businesses don’t know if and when their credentials are stolen. But you don’t have to be in the dark anymore. Domain Digital can run a “Dark Web Penetration Report” and see if any of your company email addresses or passwords are on the Dark Web. We can then monitor the dark web and alert you when we detect any stolen information about your company. To book your “Dark Web Penetration Report”

How the Quick Thinking of a Staff Member Saved a Perth Business Potentially Thousands of Dollars

The quick thinking of a staff member at Perth-based fleet leasing company Easifleet really did save the company potentially thousands of dollars, as a nasty piece of malware was hidden within a compromised Dropbox account belonging to one of their clients.

It seemed legitimate enough: an Easifleet staff member received a couple of emails from a client’s Dropbox account. She receives emails from this client from time to time, with documents being transferred via Dropbox. This time, however, was different. Firstly, she wasn’t expecting any documents; secondly, more than one email was sent.

The staff member decided to place a call to Easifleet’s IT support company, Domain Digital, just to “ask the question”. A quick look and a recommendation to touch base with the sender, to see if they were indeed trying to send something through, resulted in the client being made aware that their Dropbox account had been compromised.

The links had been sent to the client’s entire Dropbox email database, with a particularly nasty piece of malware attached to them. Her presence of mind, together with the ongoing education of staff in the detection of phishing and other suspicious emails, truly saved the company.

Domain Digital’s online training and education platform could help your staff upskill and educate themselves as to what may constitute a suspicious email or a genuine phishing attempt. To find out more about how this can benefit you and your staff contact the Domain Digital team

O365 – Restore Access Scam

If you are on the administrator list of any Office 365 service, you will see many notifications coming through to advise you of various adds, moves and changes. The notifications come with standard branding (colours and so on) to ensure you recognise the messages. The fact that the branding is clear and powerful also makes these messages an easy scam if you are not careful.

The message below was sent through this morning, complete with standard O365 colours. I had not seen this particular message before; however, the big green button made it very clear what I was supposed to do. Lucky I took a closer look – as should you with every action you take online.

Firstly, we can see that the email address is not originating from Microsoft.

Secondly, if you hover your mouse over the “Restore Access” button (being careful not to click it), you will see the following. Again, it is clearly not linking to the intended Microsoft site.

You need to remain alert – It would be very easy just to click on the restore and proceed to torch your computer – Possibly your entire network.

If you are looking for additional tips, sign up to our security tip list below:

Legitimate Invoice Request

Sometimes we see spam messages that are really clever. Some are so bad they make us laugh, just like this one.

Has anyone seen the message below?

As always, if you see a questionable message, just delete it. Don’t try to figure out what their angle is – don’t ever click on the links.

If you would like a weekly security reminder, sign up below to keep yourself safe.

NAB Bank Scam

So many scams, so little time.  Today there was a “Zero Day” release of this NAB scam.  Zero Day effectively means that no one has seen it before so none of the Spam filters recognise it to filter it out.  This makes it extra dangerous because if you click, it could go boom and there is nothing anyone can do.

That said, there are a number of key indicators that scream “SCAM”.

  1. The return address – no-reply@abbakademi.com – What actually is that? These idiots didn’t even try to trick anyone here…
  2. Banks will never ask for verification via email. It is too easy to be impersonated, so it just won’t happen.
  3. If you hover your mouse over the “Make It Now” button, it will tell you the address of where it is going to take you.


Make sure you don’t actually click on the link – it won’t end well for you. This process does show you that it is not going to nab.com.au – rather, it is going to google.
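Both the O365 “Restore Access” post above and this NAB post come down to the same two checks: the real sender domain behind the display name, and where a button actually links. The example below is added here (it is not Domain Digital’s code) and automates those checks over a constructed sample message; the expected-sender list, the recipient address and the google.com placeholder link are assumptions, while the return address no-reply@abbakademi.com is the one quoted in the post.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the recipient expects mail from, mapped to the domains that
# legitimately send on their behalf (constructed list for this example).
EXPECTED_SENDERS = {
    "nab": {"nab.com.au"},
    "microsoft": {"microsoft.com", "office.com", "office365.com"},
}


class LinkExtractor(HTMLParser):
    """Collect (button/link text, href) pairs: what hovering would reveal."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_message(raw, brand):
    """Return findings for a raw message that claims to come from brand."""
    allowed = EXPECTED_SENDERS[brand]
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Check 1: the real address, not the display name, belongs to the brand.
    sender = msg["From"].addresses[0].addr_spec
    sender_domain = sender.rpartition("@")[2].lower()
    if not any(host_matches(sender_domain, d) for d in allowed):
        findings.append(f"return address domain {sender_domain} is not a {brand} domain")

    # Check 2: every link destination belongs to the brand (the "hover" test).
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        extractor = LinkExtractor()
        extractor.feed(html_part.get_content())
        for text, href in extractor.links:
            host = (urlparse(href).hostname or "").lower()
            if not any(host_matches(host, d) for d in allowed):
                findings.append(f'link "{text}" goes to {host or href}, not {brand}')
    return findings


# Constructed sample modelled on the NAB scam: return address from the post,
# link destination a placeholder google.com host rather than nab.com.au.
SAMPLE = """\
From: NAB <no-reply@abbakademi.com>
To: recipient@example.com
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Your NAB account needs verification.</p>
<p><a href="https://docs.google.com/forms/PLACEHOLDER">Make It Now</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "nab"):
        print("SCAM indicator:", finding)
```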

The whole email looks like this:

This email should disappear in the days to come but there will always be ones just like it.

If you would like to stay up to date with the latest scams and get a weekly security reminder, sign up below:

Advertising Link Extortion Scam

A spam scare campaign (extortion scam) is targeting email addresses, in which the attacker claims to have embedded a virus in adult web videos that is:

  • Recording keystrokes made by the computer user
  • Video recording
  • Collecting contact information from messengers, emails and social media

The email asks for bitcoins in exchange for not releasing this data. Bitcoin is an electronic currency with no central bank that relies on cryptography to secure and control transactions.

Here is an actual email (though the one you have might be different):

From: Wyatt Harris [mailto:dan@lentaua.com]

Sent: Tuesday, 15 August 2017 6:36 AM

To: Masked

Subject: KGS: Everyone will Laugh at you.

Whats good

During all your life u was notified to surf web catiously, but you didnt. Whats the problem?- You re guessing. Lets start with the fact that I adjusted the malicious soft on a webpage with videos for adults (site with porn content) (u know whats up). Object was watching video for adults and device began operating as dedicated desktop with keylogger function. So all cams and screen at the 1st onset started recording.

Then my virus collected all ur contacts from messengers, e-mails and social networks. So what do we have now? I made a double screen vid (first part-screen record(you have a great taste lmao), second- camera record) and all your contacts. I think its not good news. Thus I suppose that 320 usd is fairly for this little fail. My bitcoin wallet – 1L84P9ycBtG8nfy4Kqqwdu9yLch5as4ApJ

Ask internet how to buy it. It isnt very hard. Just write “Where can I get btc” Ull have one day upon opening this letter(I adjusted a tracking pixel in it, Ill know when you read it). If I don’t recieve my bitcoins Ill send video with you to all your contacts. Upon I get bitcoin- the compromising evidence will be destroyed. If u want me to show evidence, reply yeah and Ill share video that I made with 3 contacts Ive collected from you.

Can go to police, but searching me is more long-lasting than 1 day, im from France, so you will be a star among friends.

Yes, the spelling and grammar are atrocious, but it could still give you a shock – especially if you were browsing adult sites and your email address was stored in your web browser. Whilst this campaign is not necessarily targeted, it is likely that the spammer has a spam list of email addresses they have sent this email to.

It is not necessarily related to visiting any adult website, but we have had a number of people call us who had visited said sites and were subsequently a little concerned.

Ways to protect yourself from extortion scams

  • Don’t pay the ransom. This is a scare campaign and there is no evidence that any data has been recorded. We recommend that if you receive this email (or any extortion email) you do not pay the ransom.
  • Even if an attacker does have questionable pictures, paying a ransom will only fund their activities and it is likely they will ask for more money. You should never pay a ransom.
  • Don’t surf porn sites on your work computer or any device you do banking on.
  • Secure your devices. Use anti-virus software to monitor and protect your computer and other devices (like smartphones and tablets) from infection, and keep your operating system and applications up-to-date. (This might also help with other vulnerabilities, such as the wifi vulnerability we recently wrote about)
  • Buy BankVault/SafeWindow – This will ensure your important transactions are safe.  You can find out more here

Finally, sign up to the Tech Tips page below for additional tips to keep yourself safe.

Account Transfer Scam

I had some good friends offer to send me some money this morning. $2500 in fact. Given I had no idea who they were, I would normally just delete the email.

The issue is that the allure of extra cash is often so tempting that people will click just in case, so I thought I would write about it.

What could possibly go wrong here? Lots of things, is the short answer, but two are more likely than the rest.

First, let’s look at the email in question:

It’s not personalised and I wasn’t expecting it. They will be trying to do one of two things:

  1. Deliver an unwanted file to my PC – this will be ransomware or a virus to cause damage to the computer
  2. Scam my details and/or confirm I am a candidate they would like to spend some more time with

What are the warning signs of this style of scam?

  • The sender claims they have identified you as a winner by randomly choosing your email address. They may say the offer is ‘legal’ or ‘legitimate’, and has ‘government approval’
  • To claim your prize you may be asked to buy a ticket, pay a fee or call a premium rate phone number (usually starting with 190).
  • You may be asked to provide your bank account details, or to send the fee to a PO box number or via a money transfer service.

How should you protect yourself?

  • Be careful of phone numbers beginning with 190. These are charged at a premium rate (sometimes even for receiving a message) and can be very expensive.
  • If you have any inkling the offer might be genuine, contact your computer technical support team www.domaindigital.com.au – they may be able to tell you straight away if there is an issue.
  • Do an internet search using the names or exact wording of the letter/email to check for any references to a scam – many scams can be identified this way
  • If you think it’s a scam, don’t respond — scammers will use a personal touch to play on your emotions to get what they want.
  • Never send money or give credit card, online account details, or copies of important personal documents to anyone you don’t know or trust and never by email

If you are not 100% sure of something, ask for advice. It’s so much easier than rebuilding your computer or losing a bunch of money.

Stay safe and if you are looking for some extra security tips, sign up below:
