A recent Scamwatch email alert is warning about a dangerous scam impersonating the ACCC (Australian Competition and Consumer Commission). The email contains links that will infect your computer with malware and hold your data for ransom.

The article at https://www.scamwatch.gov.au/ contains an example of the email. The scam starts by informing the business owner that ‘a complaint has been filed against your Business’. It then states that they should click on the link to view the complaint.

Hovering over the link will show that it does not go to a Australian Government website. The link leads to a zip file containing a malicious program and does not contain a pdf as stated.

ACCC Scam Email

Protect Yourself

We encourage everyone to be careful when reading emails. Think twice before clicking on any links or website that may seem suspicious. If you are unsure if an email is real, consult a colleague or IT professional.

Other email scams currently received by Australian users report to be from Netflix and the Federal Court. The ATO (Australian Tax Office) has also warned about scam emails due to Tax time. Complaints about fake surveys and gift cards are also on the rise.

Unfortunately, these email scams target millions of addresses and do work. Australians lost over $229 million to scams in 2015, an average of $10 per Australian.

If you use the same password for all your online accounts, you are not safe.

The number of exposed accounts with easy passwords increase every week. The security website HaveIBeenPwned now lists over 359 million MySpace and 164 million LinkedIn accounts, among other major websites.

If you use the same or similar password for many of your accounts, criminals can use these breaches to gain access to other accounts, just by trying the breached account details on your other services.

Recent attempts into Government and Corporate systems may be related to breaches of AdobeSnapchat and Forbes databases. Remote sharing software recently attacked include TeamviewerLogMeIn and Citrix GoToMyPC.

As an example, if you use the same password on LinkedIn and Twitter, ‘hackers’ can use the data stolen from LinkedIn in 2012 to log into your Twitter account.

The webcomic XKCD summed this up rather well:

XKCD Password Reuse

What can you do?

Change your passwords on a regular basis.

Yearly password changes can stop ‘hacks’ plaguing celebrities and businesses alike. Vital services such as your main email account passwords should change quarterly.

Enabling Two Factor Authentication (2FA) is an added level of security that many online services offer. 2FA apps generate a security code through your phone like previous bank security devices.

Use a secure password manager to store and sync your passwords.

We recommend LastPass, which also checks for weak passwords and can generate random passwords. It also supports Two Factor Authentication integration. A Premium account can share business accounts with other employees.

Computers should also be running up to date antivirus subscriptions. Targeted malware attacks can still compromise Password Managers and Browser password storage.

Check the current database of breached websites and change or close any old accounts.

Security sites including HaveIBeenPwned can search over 1 billion accounts that have been compromised. You can then log into these accounts and close them, or change the password to a more complex one.

Lock your mobile phone.

Set a strong PIN to access your phone. Configure the Find My iPhone or Android Device Manager to track the phone if it lost or stolen. Enable remote wiping so that pickpockets cannot access your accounts.

Only 36% of consumers surveyed in 2014 had a screen lock on their phone and less than 30% had a backup of their phone data.

 

Subscribe to the Australian Government’s Stay Safe Online alert service to be informed of the latest threats to online security: https://www.communications.gov.au/what-we-do/internet/stay-smart-online/alert-service

Consult a computer professional should you believe that your accounts or computers have been compromised.