Email Phishing Scams: Protecting Yourself Online

Have you ever found an email that claimed to be from your bank or telco but seemed a bit off? Ever received a phone call, apparently from the ATO, that was a weird, pre-recorded voice telling you that your tax file number is suspended? Our money’s on yes. 

Hopefully, you recognised these communications for what they are — scams, in particular, phishing scams.  

Unfortunately, however, Australians fall prey to phishing scammers every day, and cases are growing. In 2020 alone, Australians lost a record amount of over $851 million to scammers.  

To help better protect you from online scammers, we’ll go through some traits that phishing scams have in common, so you know which warning signs to look out for.  

What are phishing scams? 

Phishing scams are a popular way for scammers to try to gain access to your financial and personal details. Specifically, scammers will try to gain access to things like bank account numbers, passwords and credit card numbers.  

Scammers will typically pretend to be from a legitimate business or organisation like a bank or the ATO. You may be contacted via email, phone call or text message or even over social media.  

While phishing scams are varied, they all share common elements. By understanding what these elements are, and knowing what to look out for, you can better protect yourself online.  

Phishing scams: things to look out for 

1 – The message is sent from a public email domain 

Always confirm that the email you receive comes from a private email domain. If you get contacted by someone claiming to be your bank, but their email address ends with something like ‘@gmail.com’ or ‘@live.com’, it is a major red flag.  

Only very small private businesses would ever use a public email domain. Unless the email address finishes with a nice and clean ‘@legitbank.com.au’ or something similar, don’t trust it. 

2 – The message contains typos 

Poor spelling and grammar are another major warning sign. 

If a scammer texts or emails you pretending to be a trusted organisation, pay attention to any typos or grammatical errors. Also, check that you are addressed by your proper name, in the same style that the legitimate institution usually uses when corresponding with you.  

Pay attention to words that seem slightly out of context but still make sense. Major institutions pay big money to ensure their communications are correct and professional. So, if you read an email that reads like it’s been dragged through Google Translate backwards, be very wary.  

3 – You’re asked to update or confirm details 

A key element at the centre of phishing scams is the scammer trying to access your details. They may disguise this as asking you to ‘update’ or ‘confirm’ your login details.  

Common examples of this include the scammer claiming that their organisation is verifying all customer information, due to a technical glitch. Alternatively, the scammer may claim that there has been ‘suspicious activity on your account’ and the bank needs to investigate.  

Finally, be cautious of any site that asks you to provide details you don’t normally give. 

4 – Website address looks slightly different 

Phishing scams are intended to look legitimate. Scammers may set up a fake website that looks almost identical to its counterpart; however, the address will be slightly different. 

Pay attention to repeated letters in the address or slightly different spelling. For example, ‘legitbank.com.au’ may be spelled ‘legittbank.com.au’ in a scam.  

Check whether the website is secure. You can generally tell secure websites apart from non-secure sites as they use ‘https:’ instead of ‘http:’. In addition, check for a closed padlock or key icon in the corner of your browser window.  

Any legitimate business that stores confidential information will encrypt the connection so your details are kept safe. 

5 – Suspicious links or attachments 

Phishing scams can be done over email, phone or social media. Regardless of their delivery method, they all aim to gain access to your personal information.  

One common method for this is through tricking people into downloading attachments or clicking on dodgy links containing malware. Unfortunately, some people may not realise the attachment contains malware until it’s far too late.  

Therefore, never open any attachment or click on any link unless you are convinced that it comes from a legitimate source. In general, if it smells a bit off, it usually is — especially on the internet.  
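Signs 1, 3, 4, 5 and 6 above can all be checked mechanically before anyone clicks. The script below is an added example, not code from this article or from Monocera: it reads a raw email, pulls the sender’s domain, compares it against a list of public webmail domains and against lookalikes of domains you trust (using edit distance, so ‘legittbank’ is caught as an imitation of ‘legitbank’), checks every link for plain ‘http:’ and for link text that shows one site while the link actually goes somewhere else, and looks for the ‘confirm your details’ and ‘act immediately’ wording. The trusted domains, the webmail list, the phrase lists and both sample emails are constructed for the example; the phrase lists in particular are illustrative heuristics rather than a complete catalogue.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed for this example: domains the reader genuinely deals with.
TRUSTED_DOMAINS = {"legitbank.com.au", "ato.gov.au"}
# Free webmail domains a bank or government agency would not send from.
PUBLIC_WEBMAIL = {"gmail.com", "live.com", "outlook.com", "hotmail.com", "yahoo.com"}
# Illustrative wording for the "confirm your details" and "act now" tactics.
CREDENTIAL_PHRASES = ("confirm your details", "update your details", "verify your account")
PRESSURE_PHRASES = ("immediately", "within 24 hours", "suspended", "final notice")

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot 'legittbank' masquerading as 'legitbank'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def phishing_indicators(raw_email: str):
    """Return a list of (code, detail) warning signs found in a single-part email."""
    msg = message_from_string(raw_email)
    findings = []

    # Sign 1: public webmail sender, or a lookalike of a domain you trust
    _, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    imitated = lookalike_of(sender)
    if sender in PUBLIC_WEBMAIL:
        findings.append(("public-webmail", sender))
    elif imitated:
        findings.append(("lookalike-sender", f"{sender} imitates {imitated}"))

    body = msg.get_payload()  # single-part message: the payload is the body text

    # Signs 4 and 5: link text showing one site while the href goes elsewhere,
    # plain http links, and link hosts that imitate a trusted domain
    for href, text in ANCHOR_RE.findall(body):
        shown = URL_RE.search(text)
        if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
            findings.append(("link-text-mismatch", f"{shown.group()} -> {href}"))
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() == "http":
            findings.append(("plain-http", url))
        imitated = lookalike_of(host)
        if imitated:
            findings.append(("lookalike-link", f"{host} imitates {imitated}"))

    # Signs 3 and 6: asks you to confirm details, and pressures you to act now
    lowered = body.lower()
    hits = [p for p in CREDENTIAL_PHRASES if p in lowered]
    if hits:
        findings.append(("credential-request", ", ".join(hits)))
    hits = [p for p in PRESSURE_PHRASES if p in lowered]
    if hits:
        findings.append(("pressure-language", ", ".join(hits)))
    return findings


# Two constructed messages: one imitating the bank, one genuinely from it.
SCAM_SAMPLE = """\
From: Legit Bank Security <security@legittbank.com.au>
To: customer@example.com
Subject: Suspicious activity on your account
Content-Type: text/html

<p>We detected suspicious activity. Please confirm your details immediately
to avoid suspension.</p>
<a href="http://legittbank.com.au/login">https://legitbank.com.au/login</a>
"""

LEGIT_SAMPLE = """\
From: Legit Bank <noreply@legitbank.com.au>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Your statement is ready to view in internet banking.</p>
<a href="https://legitbank.com.au/statements">https://legitbank.com.au/statements</a>
"""

if __name__ == "__main__":
    for label, sample in (("scam", SCAM_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, phishing_indicators(sample) or "no warning signs")
```

Run it and the scam sample produces six findings (lookalike sender, mismatched link text, plain http, lookalike link host, credential request, pressure language) while the genuine statement notice produces none. The checks are deliberately conservative: a link to an unfamiliar but unrelated host is not flagged, because most legitimate mail contains such links, whereas a host within two edits of one you trust almost never has an innocent explanation.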

6 – You’re asked to respond quickly 

The final thing to look out for is the scammer asking for an immediate payment or response.  

If you receive a suspicious call from someone claiming to be from your bank, ask for their name and number and confirm with the bank yourself. If they claim there is no time and you must pay immediately, you are almost certainly dealing with a scammer.  

Banks are committed to keeping your information secure and will not object to you verifying the call with them yourself. 

What do I do if I receive a phishing email? 

If you suspect you have received a phishing email, text or social media message, delete the correspondence immediately. Do not click on any links or attachments in the message, and block the contact.  

It may also be worth getting in contact with your bank to confirm no suspicious activity has been recorded on your account.  

Reporting a phishing scam 

The best way Australians can help fight back against scammers is to report any scams they come across. There are several places to report incidents of phishing, and you may want to report it to more than one, depending on your situation.  

  • Banking and credit card scams – your bank or financial institution 
  • Fraud and theft – your local police service (call 131 444 to make a non-urgent report) 
  • Tax-related scams – the Australian Taxation Office 
  • All scams – Scamwatch 

When reporting scams, it is best to act as swiftly as possible. If a scammer gains access to your credit card or bank account information, call your bank as soon as you can to have your account frozen. Depending on your bank and how quickly you report the crime, you may be able to have the unauthorised transactions reversed.  

How can I protect myself against phishing scams? 

The best way to prevent yourself being a victim of a phishing scam is to protect your personally identifiable information. Your personally identifiable information includes things like your email address, phone number and postal address.  

Here are a few simple things you can do:  

  • Use strong passwords and don’t use the same one for all your accounts. 
  • Make sure your computer and mobile devices have the latest updates. 
  • Only shop on secure websites. 
  • Avoid using public Wi-Fi. 
  • Avoid turning on your mobile’s hotspot in public. 
  • Shred letters from your bank or employer that contain personal information. 

For a more detailed description on protecting yourself and your organisation from scammers, check out our article on the Essential Eight. 

Where can I find more information? 

For up-to-date information on scams in Australia, head to scamwatch.gov.au or subscribe to their scam alert emails.   

For more general information on scammers, download the Australian Competition & Consumer Commission’s (ACCC) ‘The Little Black Book of Scams’.  

The Little Black Book of Scams is available in several different languages and is internationally recognised as a helpful tool for individuals and small businesses to protect themselves against online scams.   

Can Monocera help protect me? 

Of course!  

While we’re not bodyguards or private detectives, we do know a thing or two about protecting your information online. So, if you have any further questions on email phishing scams, or phishing scams in general, reach out by calling us on 07 3369 1415 or by emailing info@monocera.co 


Essential Eight: How to Stay Safe Online

As our society becomes increasingly dependent on information and communications technology (ICT), the potential threat to our cyber security only increases. Whether it be email scams, identity theft or data breaches, the importance of your organisation protecting itself online has never been higher.  

To help combat this, the Australian Government’s Cyber Security Centre has released ‘the Essential Eight’. The Essential Eight are a series of baseline mitigation strategies to combat cyber security incidents.  

Sound a bit confusing? Don’t stress – we get it. We’re here to translate all the digital mumbo-jumbo into everyday English.  

In this article we’ll briefly go over what counts as a cyber security incident, explain each of the eight strategies, and cover the importance of keeping your organisation safe online.  

What are cyber security incidents? 

Before we jump into it, let’s quickly define what we’re talking about. Cyber security incidents, also known as cybercrime, refer to a wide range of situations.  

The Australian Federal Police outline the term cybercrime as describing both:  

  • crimes directed at computers or other ICTs (e.g. computer intrusions and denial of service attacks), and 
  • crimes where computers or ICTs play a central part in the offence (e.g. online fraud).  

Moreover, the Australian Cyber Security Centre lists some of the more common types of cybercrime, including:  

  • Identity theft and fraud (e.g. criminals gaining access to your information to steal money or other benefits) 
  • Online fraud (e.g. criminals pretending to be your bank to gain access to your credit card information) 
  • Cyber-enabled abuse (e.g. bullying or harassment online) 
  • Online image abuse (e.g. intimate images or videos being shared without the consent of the person pictured) 
  • Affected devices (e.g. your smartphone being infected by malicious software).  

So, while there is a wide scope of cyber security incidents, they all revolve around an offence conducted through, or targeted towards, computers or other ICTs.  

The thing is, cybercrime is often a lot more nefarious than being catfished on a dating app. Being a victim of cybercrime can have devastating financial and social consequences.  

The Essential Eight 

The best way to mitigate against potential security threats is to protect yourself. Just as you would lock your doors and windows when you leave your house or install CCTV, so should you do everything you can to protect yourself online.  

There are several different mitigation strategies that can help protect you against cyber security incidents. While no single strategy is guaranteed, having several strategies working at the same time is the best way to protect yourself and your information.  

To make things easier, the Essential Eight is recommended by the Government as a baseline to protect against cyber security incidents. We’ll go through each of these one-by-one below.  

Strategies to prevent malware delivery and execution   

Application control 

Application control is an approach designed to protect you against malware executing on certain systems. Implementing application control properly ensures only approved and trusted applications can interact with your device.  

In simpler terms, it stops your device interacting with malicious code and downloading suspicious applications. 

Windows 10 includes two technologies that can be used for application control. Depending on your organisation’s specific scenarios and requirements, you can use: 

  • Windows Defender Application Control; and 
  • AppLocker. 

Through effective application control, all non-approved applications are prevented from executing on your computer or device.  

Patch applications 

A patch is a set of changes to an application or its supporting data that updates, fixes or improves it. If a security risk is detected in the application, the vendor may release a newer, updated version of the application.  

Security breaches or vulnerabilities in an application may be used to execute malware on your system. Therefore, if a risk is detected, it is recommended you patch or mitigate the at-risk computers within 48 hours.  

Best practice is to continually update applications and always use the latest version of applications. 

Configure Microsoft Office macro settings 

The ubiquitous Microsoft Office suite may be used to deliver malicious code into your organisation’s systems through macros. 

A macro is a small program or script that helps automate common or repetitive tasks. For example, you might record a macro in Word that inserts your entire address when you press a custom key combination. Alternatively, an Excel user might record a macro that formats the data in a specific column of their spreadsheet.  

So, in order to protect your computer, configure your Office settings to only allow vetted macros from trusted locations or those that are signed with a trusted certificate.  

User application hardening 

Flash, web advertisements and Java are popular ways for malicious code to get into your system. Therefore, it is recommended that you uninstall Flash and block ads and Java while browsing the internet. In addition, configure Office so it disables Flash content.  

Strategies to limit the extent of cyber security incidents 

Restricting administration privileges 

If you work in an organisation, it is recommended you restrict administration privileges to specific systems and applications based on a user’s specific duties.   

For example, don’t give someone in marketing the administration privileges for the accounts department. After all, administrator accounts have full access to information and systems and are seen as the ‘keys to the kingdom’.  

Limit the number of people that have admin privileges – the fewer keys there are, the fewer opportunities there are for attacks.  

Patching operating systems 

This is essentially the same as the earlier recommendation on updating at-risk applications. In short, make sure your operating system is always up to date and never download unsupported versions of your OS.  

Multi-factor authentication 

Multi-factor authentication is another line of defence protecting you and your organisation’s information and data. It is recommended that multi-factor authentication is used by all users to access important information.  

Multi-factor authentication builds on the old password model and adds another security element, such as Universal 2nd Factor security keys, physical one-time password tokens, biometrics or smartcards.  

There are several popular and free multi-factor authenticator apps, including:  

  • Google Authenticator 
  • Microsoft Authenticator.  

Strategies to recover data and system availability 

Daily backups 

Regularly backing up important data and software configuration settings is key to recovering your data in the event of a breach. It is also important that you store backups for at least three months and that backups are stored offline.  

As with any protection equipment or procedures, it is important you test your full restoration of backups. Just as organisations practice fire drills, so too should you practice restoring backed up information – at least every quarter or when important changes occur.  
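A restore drill only proves something if you can tell a complete, intact restore from a partial or silently corrupted one. The script below is an added example, not code from this article or any backup product, showing the minimum needed for that: a manifest of SHA-256 hashes written at backup time, a verification pass over the restored copy that reports files missing or changed, and two calendar checks for the ‘three months of backups’ and ‘drill every quarter’ rules above. The three sample files, the bad restore and the dates are all constructed for the example.

```python
import hashlib
import os
import tempfile
from datetime import date, timedelta

RETENTION_DAYS = 90        # "store backups for at least three months"
DRILL_INTERVAL_DAYS = 90   # "at least every quarter"


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large backups are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every file under root (relative path, '/' separated) to its SHA-256.
    Store this alongside the backup so a later restore can be checked against it."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def verify_restore(manifest: dict, restored_root: str):
    """Compare a restored tree with the manifest; returns (missing, corrupted) lists."""
    missing, corrupted = [], []
    for rel, digest in manifest.items():
        path = os.path.join(restored_root, *rel.split("/"))
        if not os.path.isfile(path):
            missing.append(rel)
        elif file_digest(path) != digest:
            corrupted.append(rel)
    return sorted(missing), sorted(corrupted)


def retention_ok(backup_dates, today: date) -> bool:
    """True when there is a backup from today and the set reaches back RETENTION_DAYS."""
    dates = sorted(backup_dates)
    return bool(dates) and dates[-1] == today and (today - dates[0]).days >= RETENTION_DAYS


def drill_due(last_drill: date, today: date) -> bool:
    """A full restore test is due once a quarter has passed since the last one."""
    return (today - last_drill).days >= DRILL_INTERVAL_DAYS


def run_drill():
    """Constructed scenario: three files are backed up, then 'restored' with one
    altered in transit and one lost. Returns what verify_restore reports."""
    samples = {
        "accounts/ledger.csv": b"id,amount\n1,100\n",
        "config/app.ini": b"[db]\nhost=db1\n",
        "notes.txt": b"hello\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = os.path.join(tmp, "live"), os.path.join(tmp, "restored")
        for root in (live, restored):
            for rel, data in samples.items():
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        manifest = build_manifest(live)
        with open(os.path.join(restored, "accounts", "ledger.csv"), "ab") as f:
            f.write(b"2,999\n")                          # silent corruption
        os.remove(os.path.join(restored, "notes.txt"))   # file never made it back
        return verify_restore(manifest, restored)


def schedule_check(today_iso: str = "2021-04-01"):
    """Constructed calendar: daily backups since 1 Jan 2021, last restore drill on 1 Jan."""
    today = date.fromisoformat(today_iso)
    start = date(2021, 1, 1)
    backups = [start + timedelta(days=i) for i in range((today - start).days + 1)]
    return retention_ok(backups, today), drill_due(start, today)


if __name__ == "__main__":
    missing, corrupted = run_drill()
    print("missing:", missing, "corrupted:", corrupted)
    print("retention ok, drill due:", schedule_check())
```

The drill reports ‘notes.txt’ missing and ‘accounts/ledger.csv’ corrupted, which is exactly the kind of result a quarterly test should surface before a real incident does. Keeping the manifest with the offline copy matters: a backup that ransomware can reach can have its manifest rewritten too.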

Why is cybercrime prevention so important? 

As more of our lives become dependent on the internet and ICTs, the opportunities for criminals to take advantage of unaware or unprepared people multiply.  

Consider this – the Australian Cyber Security Centre receives one cybercrime report every ten minutes from individuals and businesses. If the police reported a car being stolen every ten minutes, would you leave your car unlocked, with the keys in the ignition and parked on the street? Probably not.  

Another thing to consider is the role of cyber-attacks in a changing political climate. In June of 2020, the Prime Minister Scott Morrison released a statement disclosing the fact that Australian governments and businesses had been the target of a ‘state-based attack’.  

While we aren’t telling you to start Doomsday prepping, what we are saying is that cybercrime is here to stay.  

The good news is, just as cyber criminals are becoming more sophisticated, so too are the strategies and applications that protect individuals and businesses.  

We get that for a lot of people, all this seems very complicated and convoluted. That’s why we’re here to help translate it all into plain English and make sure you and your business are best protected – especially if you aren’t super tech-savvy.  

If you want to find out more about cyber security incident prevention, give us a call on 07 3369 1415 or head to our contact us page.  

Stay safe out there! 

