Written by: Marcelo Dantas, Chief Information Officer
In 2020 there was a significant rise in the number of cyber-attack attempts across all industries in Australia.
In the last financial year there were 4,255 reports of Business Email Compromise scams, representing losses of over $142 million.
Since the pandemic’s outbreak, the Government’s Scamwatch has received over 5,170 coronavirus-themed scam reports with over $6,280,000 in reported losses.
Two of the most common types of cyber-attacks are phishing and ransomware. Fortunately, there are ways to prevent both from impacting your business.
Phishing
Phishing (pronounced ‘fishing’) scams are made to appear as if they were sent from individuals or organisations you trust. Attackers can steal credentials using phishing techniques and then do further harm, using those compromised credentials to log in and send out malicious or fraudulent content to your email contacts.
One example is Employee Impersonation, where criminals compromise an email account and impersonate a work colleague via email. Attackers can use this identity to commit fraud in a number of ways. One common method is to impersonate a person in higher management (such as a Director or CEO) and have a false payment request raised. Another method is to request a change to a worker’s banking details.
It is very important to stay vigilant. Trustworthy organisations will not call, text or email to verify or update your information. When you receive unsolicited requests from organisations, there are a number of simple things you can do to keep yourself safe:
- Use multi-factor authentication and strong passphrases
- Double check details such as the spelling of a sender’s domain name by comparing it to previous correspondence
- Use spam and message scanning services offered by your email providers to filter potentially unsafe content
- Exercise critical thinking and be vigilant when receiving phone calls, messages and emails
- Exercise caution opening attachments on messages or clicking on links from unknown senders
- Do not provide personal information (such as usernames, passwords, passphrases or secret/security questions and answers) to unverified sources
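The sender-domain check in the list above can also be automated. The sketch below is an added example, not part of the original article: it compares the domain in a From: header with domains seen in previous correspondence and flags near-matches. The domain names, the character map and the one-edit threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr
import unicodedata

# Constructed sample data: domains taken from previous, trusted correspondence.
KNOWN_DOMAINS = {"example.com.au", "examplebank.com"}

# Characters often swapped for look-alikes (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"})

def skeleton(domain):
    """Reduce a domain to a form in which common look-alike spellings collide."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_DOMAINS):
    """Return (verdict, closest_known_domain) for a From: header value."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower()
    if domain in known:
        return ("known", domain)
    for k in sorted(known):
        # Same skeleton, or a single typo away from a trusted domain.
        if skeleton(domain) == skeleton(k) or edit_distance(domain, k) <= 1:
            return ("lookalike", k)
    return ("unknown", None)

if __name__ == "__main__":
    for header in ("Accounts <pay@example.com.au>", "CEO <ceo@examp1e.com.au>",
                   "billing@exarnplebank.com", "news@unrelated.org"):
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a prompt to verify the request through a separate, known channel; an "unknown" verdict only means the domain has not been seen before.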
Ransomware
Ransomware is a type of malicious software, also known as malware. When it gets into your personal device, it makes your computer or its content unusable.
Attackers use ransomware to deny you access to your files or devices. They then demand you pay them to get back your access.
Ransomware can infect your devices in the same way as other malware or a virus. For example:
- Visiting unsafe or suspicious websites
- Opening emails or files from unknown sources
- Clicking on malicious links in email, SMS, WhatsApp or on social media
Common signs you may be a target of ransomware include:
- Files request a password or a code to open or access them
- You cannot access your files, or your login doesn’t work for unknown reasons
- Pop-up messages requesting payment to unlock files
If you are a victim, it is recommended to restore your files from backup instead of paying the ransom. If you pay, there is no guarantee your access will be restored, and paying may make you more vulnerable to future attacks.
Getting In Touch
Please contact your client manager if you have any questions about Automic’s cybersecurity program or if you would like any advice in this space.