Welcome to Cyber Insights with Mercury IT. This month we focus on the latest breaches, top cybersecurity tips and the impact of payment redirection scams in Australia.
Payment redirection scams cost Australian businesses $128 million in 2020
Payment redirection scams were the most financially damaging scams for Australian businesses in 2020, according to the ACCC’s latest Targeting Scams report. Combined losses reported to Scamwatch, other government agencies, banks and payment platforms totalled $128 million in 2020.
The ACCC provides a range of resources for businesses on how to avoid scams on the Scamwatch website and in its media releases throughout the year. Businesses that have been scammed should contact their bank as soon as possible. If the scam occurred on a platform such as Facebook, contact the platform directly to report it. Businesses can also report a scam to ReportCyber, which is run by the Australian Cyber Security Centre and passes reports to law enforcement agencies for assessment and intelligence purposes.
Australia – TPG Telecom
TPG Telecom has announced that the data of two unnamed large customers was improperly accessed on its legacy TrustedCloud hosting service. It added that it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.
Exploit: Third-Party Data Breach
Australia – New South Wales Health (NSW Health)
New South Wales Health has confirmed that it is the latest organisation impacted by the major cyberattack on the file transfer system owned by medical data services provider Accellion last month. The state entity said that no medical records maintained in public hospitals were affected. The agency has begun notifying people whose data may have been accessed. NSW Health has upgraded its technology to avoid future problems.
You may or may not visit sensitive websites in your free time. However, what would happen if a hacker tried to blackmail you by saying that they had “proof” that you were on a sensitive website? This is a common example of how extortion-type phishing attacks work.
How it works:
- A bad guy sends you an email that appears to come from your own email address.
- In the email, they claim to have compromising images or video footage of you that they threaten to share with people you know.
- They demand money, usually in the form of cryptocurrency. They claim that if you pay them, they will not share this compromising content with your family and friends.
The bad guy doesn’t actually have the compromising content that they claim they have. Do not send them money! Either delete the email or follow the reporting procedures that your organisation has put in place.
Tips to avoid extortion:
Although the above is a scam and not true extortion, real extortion is a serious internet crime that can lead to devastating consequences for victims.
According to the FBI, here are some things you can do to avoid becoming a victim of extortion:
- Never send compromising images of yourself to anyone, no matter who they are or who they say they are.
- Don’t open attachments from people that you don’t know, and be wary of opening attachments even from people that you do know.
- Turn off or cover your webcam when you are not using it.
If you require assistance with cybersecurity for your business, contact us.