Take a look at this image. He may look like a Nigerian Prince, his email may make it sound like he is a Nigerian Prince and even his website may look like a Nigerian Prince’s website, but I can promise you he is not a Nigerian Prince. He is Keith, Team Leader of our Helpdesk and no matter what he says to you online, he does not need your personal details to send you millions of excess dollars out of the country.
Ok, so this one is obvious and, along with cheap Viagra, is one of the most well-known scams online. What is not obvious is the new wave of online scams designed to trick you into handing over personal details, blackmail you into sending money, or sell you fake products. Online organised crime is big business, and these people are constantly working on ways to evade SPAM filters, hack websites and forge legitimate-looking company documents so that you believe you are doing the right thing online. We want to detail some of the techniques scammers are using and the ways you can protect yourself and your staff from these types of online attacks.
Everyone has been told not to use the same password for everything online, but many people still do not understand exactly why. The obvious answer is that if someone guesses this password, they can get into everything, but there is more to it than that. We will start with password guessing. Say someone guesses your email password (think Gmail, Hotmail, etc.); they can obviously read your emails. But what happens next? Almost all sites online now offer a ‘forgot your password’ option, and most do not ask for any further information before sending an email to reset your password. If someone has access to your email, it is not long before they have access to everything else.
But what if nobody guesses your password; how can reusing the same one still be an issue? Well, not all websites are designed equally, and not all websites have the same budget for security or keep their systems as up to date as they should. Remember that forum you created an account on 8 months ago to try and figure out who was going to win The Bachelor? No, neither do I, but their website just got hacked, someone downloaded the username and password list, and now they are automatically testing all of those accounts against Facebook, Instagram, Gmail, Hotmail and banking websites. Next thing you know, your credit card has some interesting purchases on it and you are none the wiser.
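The automated replay of a leaked username/password list against other sites is usually called credential stuffing, and it leaves a recognisable fingerprint in a site's login logs: one source trying many *different* usernames in a short time, as opposed to one user mistyping their own password. The detection below is an added illustration written for this post, not RODIN code or any product's feature; the log format, the `SAMPLE_LOG` lines and the IP addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). Assumed format:
# "<ISO timestamp> <login_failed|login_ok> user=<name> ip=<address>"
SAMPLE_LOG = """\
2023-12-01T09:00:01Z login_failed user=alice ip=203.0.113.5
2023-12-01T09:00:02Z login_failed user=bob ip=203.0.113.5
2023-12-01T09:00:02Z login_failed user=carol ip=203.0.113.5
2023-12-01T09:00:03Z login_ok user=dave ip=203.0.113.5
2023-12-01T09:00:04Z login_failed user=erin ip=203.0.113.5
2023-12-01T09:00:05Z login_failed user=frank ip=203.0.113.5
2023-12-01T09:00:06Z login_failed user=grace ip=203.0.113.5
2023-12-01T09:00:07Z login_failed user=heidi ip=203.0.113.5
2023-12-01T09:10:00Z login_failed user=alice ip=198.51.100.7
2023-12-01T09:10:05Z login_failed user=alice ip=198.51.100.7
2023-12-01T09:10:09Z login_ok user=alice ip=198.51.100.7
2023-12-01T09:20:00Z login_ok user=bob ip=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_\w+) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_log(text):
    """Turn log text into (timestamp, event, user, ip) tuples; skips junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["event"], m["user"], m["ip"]))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that try at least `min_users` distinct accounts within `window`.

    A legitimate user who forgets their password generates many attempts for ONE
    account. A replayed breach list generates attempts for MANY accounts from a
    small number of sources. Any login_ok from a flagged IP is reported as a
    likely account takeover so the account can be locked and the user warned.
    """
    by_ip = defaultdict(list)
    for ts, event, user, ip in events:
        by_ip[ip].append((ts, event, user))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        peak = 0        # most distinct usernames seen in any single window
        start = 0
        for end in range(len(attempts)):
            # slide the window start forward until it fits inside `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            distinct = len({u for _, _, u in attempts[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= min_users:
            compromised = sorted({u for _, e, u in attempts if e == "login_ok"})
            flagged[ip] = {"distinct_users": peak, "compromised": compromised}
    return flagged


def flag_from_text(text, **kwargs):
    return detect_credential_stuffing(parse_log(text), **kwargs)


if __name__ == "__main__":
    for ip, info in flag_from_text(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} accounts tried in one window; "
              f"successful logins: {info['compromised'] or 'none'}")
```

In the constructed sample only 203.0.113.5 is flagged: it tried eight accounts in seven seconds and got into one of them, which is exactly the case where the victim's reused password from the hacked forum worked somewhere else. The IP that failed twice on a single account and then succeeded is the ordinary forgotten-password pattern and is left alone.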
To keep passwords under control, you could use a product like LastPass (www.lastpass.com). It will generate a different random password for each of your accounts and manage them all centrally, so a breach at one site no longer opens the door to the others.
Email is one of the most common ways scammers circulate false information to trick users into opening attached documents or following links to fake websites designed to capture your login details. Scammers are constantly testing new methods to circumvent even the best SPAM filters in the world, and when they discover an opening they send millions of emails in a very short period to get them out before that opening is closed. Genuine websites are also being targeted: if a vulnerability can be found (often in website plugins such as chat windows or themes), it will be exploited and the legitimate website ends up sending out spam in the background.
With email, however, it is all about the content. We have gone from Viagra and Nigerian Prince schemes blasted all over the world to very carefully crafted, legitimate-looking emails aimed at specific regions, asking the user to do something that in itself seems innocent. In the last 6 months in Australia we have seen everything from ATO tax notifications asking people to view their tax refund at the end of the financial year, and State Debt Recovery emails notifying people of speeding fines and asking them to look at the images, to Australia Post emails advising of a delivery. In the last few months, in the lead-up to Christmas, we have seen a significant increase in SPAM globally pushing users towards fake shopping websites, holidays, etc. These emails are becoming harder and harder to pick as fakes, which makes it harder for SPAM filters to do the same, so users need to be aware that this is happening. ALWAYS REMEMBER: if you are not expecting an email from that company, or do not have a relationship with that company, then the email may be fake. Do not follow links or open attachments in emails from senders you do not recognise, and if you have any doubt, call the company and check first. Another quick check you can do is to Google the subject of the email and see if there is a scam going around. Searching for ‘Australia Post Scam’, for example, will give you plenty of evidence that you do not actually have a parcel waiting.
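The "do not follow links" advice can be partly automated. A phishing email's link text usually shows the brand (auspost.com.au, say) while the underlying `href` points somewhere else, often a bare IP address or a host where the brand name is just a subdomain of an unrelated domain. The checker below is an added example written for this post, not code from RODIN or from any mail filter; the HTML message, the hostnames (`.example.net`) and the IP address are constructed, and the `trusted_domains` parameter is a hypothetical allow-list the reader would fill in.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body of a suspicious "delivery notice" email (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your parcel could not be delivered. Track it here:
<a href="http://auspost.com.au.parcel-update.example.net/track">auspost.com.au</a></p>
<p>Or view the notice at <a href="http://198.51.100.23/notice">Australia Post</a></p>
<p>Unsubscribe: <a href="https://auspost.com.au/unsubscribe">https://auspost.com.au/unsubscribe</a></p>
"""

HOST_LIKE_RE = re.compile(r"^(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/\S*)?$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Crude heuristic: last two labels, or last three for com.au-style suffixes.
    Production code should use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    if (len(labels) >= 3 and labels[-2] in {"com", "net", "org", "gov", "edu"}
            and len(labels[-1]) == 2):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def shown_host(text):
    """Hostname the reader *sees* in the link text, if the text looks like a URL."""
    if not HOST_LIKE_RE.match(text):
        return None
    return urlparse(text if "://" in text else "//" + text).hostname


def assess_links(html, trusted_domains):
    """Return one finding per link; `suspicious` is True when any red flag fires."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if is_ip(host):
            reasons.append("link goes to a bare IP address")
        domain = "" if is_ip(host) or not host else registrable_domain(host)
        if domain and domain not in trusted_domains:
            reasons.append(f"link domain {domain} is not a trusted domain")
        shown = shown_host(text)
        if shown and registrable_domain(shown) != (domain or host):
            reasons.append(f"text shows {shown} but link goes to {host}")
        findings.append({"href": href, "text": text,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in assess_links(SAMPLE_EMAIL_HTML, {"auspost.com.au"}):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['href']}  ->  {'; '.join(f['reasons']) or 'no issues'}")
```

Run against the constructed message, the first two links are flagged (brand-as-subdomain of an unrelated domain, and a bare IP) while the genuine unsubscribe link passes. The same logic is what a web filter applies at click time; the user-level version is simply hovering over the link and reading the real destination before clicking.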
Users and their education are the most important piece of the security puzzle when it comes to online safety, but there are technical things you can do to protect yourself and your staff as well. A SPAM filter and Anti-Virus are the absolute minimum today. Additional layers provide extra protection: web filtering that checks and blocks malicious links in the event someone does click on a bad one, and a next-gen firewall that scans the traffic passing through it and blocks threats before they reach the user. Remember, your web protection and security-aware firewall will know a website has been compromised well before you do. So if your users are reading a SPAM email that is a few hours old and do click on the link, an extra layer stopping them from reaching that dangerous website can be the difference between downtime for the user or business, and the user realising what they just did before it is too late and being more careful next time. More information about these additional layers of filtering can be found here: https://www.rodin.com.au/utm-info-page/
Stay safe this holiday season when you are opening your new toys and registering all of those new accounts online. Please feel welcome to contact us to check how much protection you have online or to inquire about additional security.
Merry Christmas and a Happy New Year from the entire team at RODIN! (Even Keith).