Phishing, Malware & Cyber Security in Australia

Reports of cybercrime have been steadily growing in Australia. The Australian Online Cybercrime Reporting Network releases quarterly reports, indicating that in 2015, they received 9,600 reports of cyber offences.  In the final quarter of 2018, that number has climbed to more than 13,000.

The reports also reveal a surprising trend. While you may believe victims are largely Baby Boomers, seniors, or non-digital natives, the 2018 report shows that the highest victim age bracket, at 43% of all cybercrime reports, was 20-49 year olds.
It’s not just celebrities, it happens to your friends, family and colleagues.

 Adi Ashkenazy, CEO of Sydney-based leading cyber security firm Skylight Cyber Security and former member of the Israeli intelligence community recommends a good place to start your cyber safety journey is with the Have I Been Pwned website, a safe and trustworthy service that allows you to see if your email has been hacked in the past.

From there, the Australian Centre for Cyber Security has compiled a simple six-day checklist, released in April, to achieve a thorough culture of security around your online activity.

More advice form Ad Ashkenazy incudes:

You really do need to have a different password for every log in.
While it’s easy to get lazy, there’s a very legit reason to not be. One of the most common techniques is called “credential stuffing,” explains Adi, “The idea is to reuse user/password pairs that have been leaked and are available online and attempt to gain access to other accounts used by the same person.

For example, if you signed up to a website/app with your e-mail and ‘favourite’ password and that website/app gets hacked, hackers will try to re-use the same e-mail and password on popular services like Instagram, Gmail and Facebook.

Never automatically trust links in emails
Even if they’re from friends or familiar organisations like Google. This social engineering technique involves sending a message to a target that is designed to make them click an unsafe link, download malware or somehow give an attacker important information by pretending to be someone legitimate.

For example, a message that appears to be from an acquaintance, a large firm like Google or a service you may be using. Once the target provides enough information or downloads a malicious program, the hacker can harvest the required information from the computer or mobile device.

Some hackers will randomly try and type in your password
With so much emphasis on ‘credential stuffing’ and phishing, people may think the days of hackers ‘guessing’ passwords are done. They aren’t. Weak passwords/password guessing are another common technique. A surprisingly large amounts of people still use simple numeric passwords like 12345678, their birthday, pet names or other information that can rather easily be guessed or found online.

You won’t know you’ve being hacked until you’ve been hacked
Movies and TV have gone a long way to make many people think they’ll be signs, or obvious and irregular activity that they’re being hacked, but often you won’t know until it’s too late. Unfortunately, there is no one full proof detection technology or solution, and it really depends on the platform. Most modern platforms today like Gmail try to abstract the detection techniques from the user and instead alert him/her when suspicious activity is identified.

For example, when someone has logged into your account for the first time from a new device or geographic location.
Most people discover they have been hacked when the damage has been done. For example, your entire contacts are suddenly receiving messages from you, claiming you need their urgent monetary assistance.

Don’t assume you aren’t “interesting enough” to be hacked
You absolutely are. An additional awareness issue is the belief people have that they are not interesting enough for hackers. The reality of low-end hacking in 2019 is that it’s automated and non-targeted. Therefore, while you may not be a high rolling billionaire, if your email and password were leaked somewhere, there’s a good chance an automated campaign will pick that up and try to hack you.

Be cautious of unsolicited incoming International calls
The ones that ring once and don’t leave a message. As per the Australia Centre for Cyber Security, Overseas calls can be hazardous. The intention behind these calls is for you to call them back. These are known as “Wangiri” calls, a Japanese term roughly translating to “One and cut.”

Upon calling back, you’ll be put on hold, or speak with the scammer directly. Either way, they’ll attempt to keep you on the line as long as possible as these numbers will charge you a premium rate to “use” the service. Like how 1900 numbers, or premium mobile numbers work, a percentage of the revenue raised by the call will go to the scammer by the service provider.

Don’t wait for proof 
Even if you just suspect you’ve been hacked, seek help. Speed and expertise are of the essence in these cases and I strongly suggest consulting with an individual who is at least somewhat tech savvy. In any case, you should change/update all your passwords as quickly as possible. If you are not already using multi factor authentication, enable it is available in all the leading social media services. 

If you believe a device (mobile or computer) has been potentially compromised and infected with malicious software, consult an expert.

The Brag

You Might Also Read: 

Only Four Suspects In Australia's High Level Attack:

Dealing With Malicious Emails:

« Cyber Attacks On The British Financial Sector Increasing Fast
China’s Dirty Secret - Intellectual Property Theft »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Nexum

Nexum

Nexum takes a comprehensive approach to security, from detecting and preventing network threats, to equipping you with the information, tools and training you need to effectively manage IT risk.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

Mindgard

Mindgard

The Mindgard Security Copilot platform secures your Artificial Intelligence, GenAI and LLMs.