Welcome to Cyber Insights. In this edition we share a spear-phishing scam, provide an update on recent breaches and offer some tips on email security.
Last month, researchers at Fortinet observed a sophisticated phishing email sent to a Hungarian diplomat. In the email, cybercriminals disguised themselves using the first and last names of an employee in the diplomat’s IT department. In this case, the diplomat believed the email was suspicious and forwarded it to the actual employee in the IT department for investigation.
This case is a perfect example of a widespread attack called spear-phishing. Spear phishing attacks are targeted at a single person or department with information that cybercriminals want. In these attacks, cybercriminals research the specific person or department and figure out whom they talk to frequently. Then, the cybercriminals send a message to the person or department, pretending to be someone they know and trust. It’s essential to watch out for these attacks because they can happen to anyone, not just diplomats or executives.
Follow these tips to stay safe from spear-phishing attacks:
- Don’t open attachments or click on links in emails that you were not expecting.
- Check email headers to ensure you recognise the sender and other recipients.
- Reach out to the person who allegedly sent the email by phone or in person. By reaching out to the alleged sender directly, you could save yourself and your organisation from a potential spear-phishing attack!
Exploit: Supply Chain Risk
National Disability Insurance Scheme (NDIS): Government Program
Risk to Business: Severe
A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. CTARS, a Sydney-based software and analytics provider for the disability and care sectors, maintained the system. NDIS disclosed that an unauthorised third party had accessed its systems on May 15, 2022.
Risk to Individual: Severe
The NDIS says that personal information relating to patients may have been exposed, including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards and tax file numbers.
The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyber attack within your organisation, it is crucial to question the legitimacy of every email you receive. Below is a list of questions to ask yourself about the recipients of an email that may help you realise that you are being phished.
TO: Analyse who the email was sent to.
Were you CC’d on an email, and you don’t personally know the other people it was sent to? Or was the email sent to an unusual mix of people? For example, a seemingly random group of people with unrelated email addresses or a group of people at your organisation whose last names all start with the same letter.
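As an added illustration (not part of the newsletter), the following Python script applies the checks above to the headers of a constructed sample message: a familiar display name on an unfamiliar address (the pattern in the diplomat case), recipients outside your own domain, and a group of internal recipients whose surnames all start with the same letter. The internal domain, the colleague directory and every address in the sample are assumptions.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed sample message: the display name impersonates a colleague but the
# address is external, and the internal recipients' surnames share an initial.
SAMPLE = """\
From: "Jane Kovacs" <jane.kovacs@mail-example.net>
To: Anna Szabo <anna.szabo@example.gov>, Peter Sandor <peter.sandor@example.gov>,
 Eva Simon <eva.simon@example.gov>
Cc: Bob Lee <bob@unrelated-example.org>
Subject: Password reset required

Please open the attached form.
"""

# Assumed internal domain and directory of known colleagues (constructed values).
INTERNAL_DOMAIN = "example.gov"
KNOWN_COLLEAGUES = {"jane kovacs": "jane.kovacs@example.gov"}


def surname(name: str, addr: str) -> str:
    """Best-effort surname: last word of the display name, else the local part after its last dot."""
    if name.strip():
        return name.split()[-1].lower()
    return addr.split("@", 1)[0].rsplit(".", 1)[-1].lower()


def is_internal(addr: str) -> bool:
    return addr.lower().endswith("@" + INTERNAL_DOMAIN)


def analyse(raw: str) -> list[str]:
    """Return a list of human-readable warnings about the From/To/Cc headers of a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Sender check: a colleague's name paired with an address that is not theirs.
    for name, addr in getaddresses(msg.get_all("From", [])):
        expected = KNOWN_COLLEAGUES.get(name.lower())
        if expected and expected.lower() != addr.lower():
            flags.append(f"display name '{name}' is a known colleague but address is {addr}")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in recipients if not is_internal(a)]
    if external:
        flags.append(f"recipients outside {INTERNAL_DOMAIN}: {', '.join(external)}")
    # Alphabetical-looking recipient list: three or more internal surnames with one initial.
    internal = [(n, a) for n, a in recipients if is_internal(a)]
    initials = {surname(n, a)[:1] for n, a in internal}
    if len(internal) >= 3 and len(initials) == 1:
        flags.append(f"{len(internal)} internal recipients all have surnames starting with '{initials.pop()}'")
    return flags
```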
If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defence to prevent cyber criminals from succeeding and making you or your company susceptible to phishing attacks.