Search

How to protect yourself from cyber-scammers over the festive period

<a href="https://theconversation.com/profiles/rachael-medhurst-1408437">Rachael Medhurst</a>, <a href="https://theconversation.com/institutions/university-of-south-wales-1586">University of South Wales</a> The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time. Here are some essential tips to safeguard yourself and your data during the festive period: <h2>Phishing</h2> Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data. This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the amount of people having bought or received new gadgets and technology. Look out for there being no direct reference to your name in any communications, with wording such as “Dear Sir/Madam” or other terms such as “valued customer” being used instead. Grammar and spelling mistakes are also often present. Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre. <h2>Shopping safely online</h2> The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online. Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection. When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others. As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is. And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions. <h2>Social media</h2> While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences. This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share. Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity. Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media. There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically. <figure><iframe src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&start=0" width="440" height="260" frameborder="0" allowfullscreen="allowfullscreen"></iframe><figcaption>Advice for staying safe online.</figcaption></figure> <h2>Package delivery scams</h2> As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>. Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments. To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details. Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls. Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/218294/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> <a href="https://theconversation.com/profiles/rachael-medhurst-1408437">Rachael Medhurst</a>, Course Leader and Senior Lecturer in Cyber Security NCSA, <a href="https://theconversation.com/institutions/university-of-south-wales-1586">University of South Wales</a> Image credits: Getty Images This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/how-to-protect-yourself-from-cyber-scammers-over-the-festive-period-218294">original article</a>.

Money & Banking

How household gas leaks affect your home in Adelaide

<span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If you're an Adelaide local, you'll know the city is as notorious for its hot summers as it is for its icy winters. One common necessity across all seasons is the reliance on gas. Be it for the central heating in winter or that gas oven whipping up a delightful roast, we can't really do without it. However, any discussion about gas and electricity supply here would be incomplete without addressing household gas leaks in Adelaide. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The Silent Stalker: Gas Leaks <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Often undetected and woefully underestimated, gas leaks can become a real concern if not addressed promptly. The main culprit in residential settings usually boils down to faulty gas appliances. An incorrectly installed gas appliance or ageing unit can develop leaks over time, silently emitting gas into your living space. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Signs of a Gas Leak <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">So, what are the <a style="text-decoration: none;" href="https://cyberairconditioning.com.au/blog/what-do-gas-leaks-smell-like/"><span style="font-size: 11pt; font-family: Arial,sans-serif; color: #1155cc; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; -webkit-text-decoration-skip: none; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">indicators of a gas leak</a><span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">? In the absence of an instinctive warning, we might unknowingly be dealing with a perilous scenario right at our fingertips. Luckily, nature offers us a clear heads-up: our sense of smell. Indeed, that rotten-egg-like aroma you sniff is likely due to the addition of a chemical called Mercaptan to your natural gas supply, which serves as a leak alert. Thus, if your nose detects something unpleasant in the air, it's a credible signal that a gas leak is present. <img src="https://oversixtydev.blob.core.windows.net/media/2023/12/GasLeaks02.jpg" alt="" width="1280" height="720" /> <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Apart from the smell, other signs include a higher-than-usual gas bill, dead patches on your lawn, or the persistent sound of a hissing near gas lines. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">So what do you do if you suspect a gas leak? Well, common sense and caution are your top mates here. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">When a Gas Leak Occurs <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Start by making sure you're not creating an ignition source. This means avoiding lighting matches or using a cigarette lighter inside your home. Similarly, don't operate electrical equipment close to the suspected leak area. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Ensuring good air circulation is paramount in such situations, so swing open your doors and windows to facilitate the diffusion of the gas. If the odour is overpowering, promptly guide your loved ones and pets to a secure location outdoors. <img src="https://oversixtydev.blob.core.windows.net/media/2023/12/GasLeaks03.jpg" alt="" width="1280" height="720" /> <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Once you're in a safe position, immediately dial emergency services. And remember, attending to a gas leak isn't a task you just anyone can do. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">What Happens If a Gas Leak Goes Unnoticed <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A frequently unobserved gas leak can pose significant dangers in your home. While it's crucial to heed the signs, smell gas, and call in professional help, it's also vital to understand what can happen if a gas leak goes unnoticed. As Adelaide homeowners, it's our responsibility to remain well-informed on the consequences of an ignored gas leak and be prepared to take swift action. <span style="font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Health Hazards <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The primary danger of an unnoticed gas leak is its potential health impacts. Being exposed to leaking gas—from devices like stoves, heaters, or your gas water heater—can induce an array of symptoms, including <a href="https://www.oversixty.com.au/health/body/6-ways-to-combat-headaches-without-painkillers" target="_blank" rel="noopener">headaches</a>, dizziness, nausea, and weariness. These minor symptoms could potentially worsen to more critical health conditions, such as breathing difficulties, memory impairment, and in severe situations, unconsciousness. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Furthermore, carbon monoxide, an invisible and odourless hazardous gas that occurs from malfunctioning gas or electrical appliances, can lead to carbon monoxide poisoning. This condition can display symptoms resembling flu but can escalate to chronic neurological impairment or even prove fatal in the long run. <span style="font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Fire or Explosion Risk <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A more immediate danger of an unnoticed gas leak is the potential for a fire or explosion. When the concentration of leaked gas in the air reaches a threshold level, even the smallest spark or open flame can ignite it. This might result from someone lighting a match or a cigarette lighter or inadvertently switching on an electrical device near the gas leak source. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Consequently, the ignited gas can cause a destructive fire or explosion, leading to significant property damage, serious injuries, or fatalities. <span style="font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Environmental Impact <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Say, for example, your outdoor gas metre is damaged or the gas pipes buried in your garden develop leaks. The escaped gas can cause harm to your plants and lawn, creating dead patches of grass, discoloured vegetation, or stunted growth. Furthermore, prolonged leaking of natural gas can contribute to greenhouse gas emissions, aggravating the issues of air pollution and climate change. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Call in the Experts: Licensed Gas Fitter <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">When it comes to gas leaks, it's critical not to mess with things you're not licensed to handle. In Adelaide, turn to a licensed gas fitter for gas leak repairs. Your gas fitter is trained in gas leak detection and repair gas leaks to ensure the safety of your home. <img src="https://oversixtydev.blob.core.windows.net/media/2023/12/GasLeaks04.jpg" alt="" width="1280" height="720" /> <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Further, regular inspections and proper installation of gas appliances can prevent gas leaks in the first place. If you've been regularly revamping your home with advanced gas installations and didn't already know this, well, you've been living under a rock, mate. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Proactive steps in your gas supply system, like the installation of carbon monoxide detectors and reviewing your gas metre's location, can help identify potential leaks and prevent dangerous carbon monoxide poisoning, exhibiting your perfect gumption. <span style="font-size: 17pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Wrapping Up <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As part of the Adelaide community, it's essential to be aware of the potential hazards that household gas leaks can introduce into our homes. A gas leak can spell disaster, from health risks to damage to our property. Being alert for the signs and knowing when to call in the professionals is our best defence against these leaks. <span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Secure your home from gas leaks with trusted <a style="text-decoration: none;" href="https://cyberairconditioning.com.au/locations/sa/air-conditioning-adelaide/"><span style="font-size: 11pt; font-family: Arial,sans-serif; color: #1155cc; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; -webkit-text-decoration-skip: none; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Air Conditioning Services in Adelaide</a><span style="font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. Remember, it's always better to have a professional tend to leaks or complications with your plumbing gas system, rather than trying to be a hero and tackling it yourself. Prevent gas leaks, save lives, Adelaide! Images: Supplied. This is a sponsored article produced in partnership with Cyber Air Conditioning.

Home & Garden

“Turn your phone off”: The simple reason behind Albanese’s warning

Prime Minister Anthony Albanese has issued a clear warning to the public, advising them to "turn their phones off" as a safety measure to avoid potential dangers. Albanese delivered this cautionary message last week while announcing the appointment of Australia's first national cybersecurity coordinator, Air Commander Darren Goldie of the Royal Australian Air Force. Goldie was quick to echo the Prime Minister's sentiments, emphasising the importance of mobilising both the private sector and consumers in the fight against cyber threats. "We all bear responsibility in this matter. Simple actions, such as turning off your phone every night for five minutes, can make a significant difference. "I encourage everyone watching to adopt this practice once every 24 hours, perhaps while engaging in daily routines like brushing your teeth," stated Albanese during the press conference. While rebooting your device on a daily basis may seem like a basic precaution, it can greatly enhance your protection against cybercriminals. Often, various applications and processes continue running in the background of your phone or computer, even when you're not actively using them. If unauthorised individuals gain access to these apps and processes, they can monitor your activities and collect your data, including financial information and identification documents, and even hijack your webcam or phone camera. By rebooting your phone, you force the closure of all background applications and processes, effectively evicting anyone attempting to track your virtual movements. Priyadarsi Nanda, a cybersecurity expert at the University of Technology Sydney, supported Albanese's advice, emphasising the importance of periodically turning off one's phone. "Considering how extensively we use smartphones in our daily lives, there have been cases where individuals haven't turned off their phones for an entire year," Dr. Nanda told The Guardian. "If there is a malicious process running, switching off the phone breaks the chain. While it may only provide protection while the phone is off, it undoubtedly frustrates potential hackers. Although not foolproof, rebooting can make it more challenging for hackers to compromise your device." It is crucial to note that this measure does not safeguard against all forms of cybercrime. If your password has been stolen or you are being repeatedly and strategically targeted, for example, a simple reboot is unlikely to deter the most persistent hackers. Image: Wikimedia / Australian Government

Technology

Australia’s approach to cyber security lacks citizen engagement

Australia’s cyber security strategies advocate for a ‘whole-of-society’ response to countering foreign interference threats, but policy experts say efforts to engage the public are largely tokenistic. Researchers from Flinders University surveyed 1500 Australians and undertook in-depth focus groups across three states in late 2020 to assess public attitudes to institutional trust, digital literacy and perceptions of cyber threats. The research findings, <a href="https://www.tandfonline.com/doi/full/10.1080/14702436.2022.2138349" target="_blank" rel="noreferrer noopener">published</a> in Defence Studies, highlight a gap between policy rhetoric and action. The authors characterise Australia’s response as “top-down”, “technocratic” and “elite-driven”. According to the study, citizens’ attitudes and engagement are the key to resilience in the face of cyber threats, given foreign interference often seeks to undermine trust in democracy, manipulate public opinion, sow distrust and emphasise society’s underlying divides. Cyber-enabled foreign interference can come in many forms including disinformation, hacking, doxing, ransomware attacks, trolling, and the use of bots. Co-author Associate Professor Robert Manwaring says, “there’s generally little meaningful strategic effort to engage citizens in government-led responses, overlooking what’s often called the ‘social layer’ of cybersecurity.” <div class="advert ad-in-content"> <div id="adn-00000000001fc2ca" style="display: none;"></div> </div> The research finds Australia’s policy approach largely regards the public as passive, rather than as engaged and empowered to combat cyber threats. The paper highlights key areas where public attitudes about democracy, institutions and cyber threats are potential fodder for foreign actors. <div class="newsletter-box"> <div id="wpcf7-f6-p225801-o1" class="wpcf7" dir="ltr" lang="en-US" role="form"> <form class="wpcf7-form mailchimp-ext-0.5.62 spai-bg-prepared init" action="/australia/cyber-security-citizen-engagement/#wpcf7-f6-p225801-o1" method="post" novalidate="novalidate" data-status="init"> <input class="wpcf7-form-control wpcf7-text referer-page" name="referer-page" type="hidden" value="https://cosmosmagazine.com/technology/" data-value="https://cosmosmagazine.com/technology/" aria-invalid="false" /> </form> </div> </div> Survey responses indicate Australians lack confidence in the integrity and honesty of public officials, influence over policy making, transparency and accountability. For instance, around 80% of survey respondents consider public officials not using public office for private gain as a fundamental feature of democracy, yet only 39% see this practice upheld in Australia. In addition, while the public service and security institutions of the police and armed forces enjoy high levels of trust, respondents overwhelmingly agree that Australia’s institutions are out of touch with regular people and run by “big interests.” <div class="advert ad-in-content"> <div id="adn-00000000001fc2ca" style="display: none;"></div> </div> The paper says such disillusion is ripe for exploitation and can hamper state-led responses to cyber threats. The survey results also show Australian citizens lack confidence in their ability to identify mis and dis information online, with only 20% “very confident” in their own media and digital literacy skills. Australia’s cyber defences would be bolstered by a stronger focus on understanding citizens’ concerns and narratives, the researchers conclude. Manwaring says, “we need to encourage a genuinely whole-of-society approach – something which, like Sweden and Finland, are making considerable inroads.” <div class="advert ad-in-content"> <div id="adn-00000000001fc2ca" style="display: none;"></div> </div>  <img id="cosmos-post-tracker" style="opacity: 0; height: 1px!important; width: 1px!important; border: 0!important; position: absolute!important; z-index: -1!important;" src="https://syndication.cosmosmagazine.com/?id=225801&title=Australia%E2%80%99s+approach+to+cyber+security+lacks+citizen+engagement" width="1" height="1" data-spai-target="src" data-spai-orig="" data-spai-exclude="nocdn" />  <div id="contributors"> <a href="https://cosmosmagazine.com/australia/cyber-security-citizen-engagement/" target="_blank" rel="noopener">This article</a> was originally published on Cosmos Magazine and was written by Petra Stock. Image: Getty Images </div>

Technology

Just 25% of businesses are insured against cyber attacks. Here’s why

In the past financial year, the Australian Cyber Security Centre received <a href="https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022" target="_blank" rel="noopener">76,000 cyber-crime reports</a> – on average, one every seven minutes. The year before, it was a report every eight minutes. The year before that, every ten minutes. The growth of cyber crime means it is now arguably the <a href="https://www.aon.com/2021-global-risk-management-survey/index.html" target="_blank" rel="noopener">top risk facing any business</a> with an online presence. One successful cyber attack is all it takes to ruin an organisation’s reputation and bottom line. The estimated cost to the Australian economy in <a href="https://www.unsw.adfa.edu.au/newsroom/news/cybercrime-estimated-42-billion-cost-australian-economy" target="_blank" rel="noopener">2021 was $42 billion</a>. To protect itself (and its customers), a business has three main options. It can limit the amount of sensitive data it stores. It can take greater care to protect the data it does store. And it can insure itself against the consequences of a cyber attack. Cyber-insurance is a broad term for insurance policies that address losses as a result of a computer-based attack or malfunction of a firm’s information technology systems. This can include costs associated with business interruptions, responding to the incident and paying relevant fines and penalties. The global cyber-insurance market is now worth an estimated US$9 billion (A$13.9 billion). It is tipped to grow to <a href="https://www.munichre.com/content/dam/munichre/contentlounge/website-pieces/documents/MunichRe-Topics-Cyber-Whitepaper-2022.pdf/_jcr_content/renditions/original./MunichRe-Topics-Cyber-Whitepaper-2022.pdf" target="_blank" rel="noopener">US$22 billion by 2025</a>. But a big part of this growth reflects escalating premium costs – in Australia they increased more <a href="https://www.insurancebusinessmag.com/au/news/cyber/whats-driving-up-cyber-insurance-premiums-in-australia-417542.aspx" target="_blank" rel="noopener">than 80% in 2021</a> – rather than more business taking up insurance. So coverage rates are growing slowly, with about 75% of all businesses in Australia having no cyber-insurance, according to 2021 figures from the <a href="https://insurancecouncil.com.au/wp-content/uploads/2022/03/Cyber-Insurance_March2022-final.pdf" target="_blank" rel="noopener">Insurance Council of Australia</a>. Challenges in pricing cyber-insurance With cyber-insurance still in its infancy, insurers face significant complexities in quantifying cyber risk pricing premiums accordingly – high enough for the insurers not to lose money, but as competitive as possible to encourage greater uptake. A 2018 assessment of the cyber-insurance market by the <a href="https://www.cisa.gov/sites/default/files/publications/20_0210_cisa_oce_cyber_insurance_market_assessment.pdf" target="_blank" rel="noopener">US Cybersecurity and Infrastructure Security Agency</a> identified three major challenges: lack of data, methodological limitations, and lack of information sharing. Lack of historical loss data means insurers are hampered in accurately predicting risks and costs. Because of the relative newness of cyber crime, many insurers use risk-assessment methodologies derived from more established insurance markets <a href="https://www.rand.org/pubs/external_publications/EP67850.html" target="_blank" rel="noopener">such as for car, house and contents</a>. These markets, however, are not analogous to cyber crime. Companies may be hesitant to disclose information about cyber incidents, unless required to do so. Insurance carriers are reluctant to share data pertaining to damage and claims. This makes it hard to create effective risk models that can calculate and predict the likelihood and cost of future incidents. So what needs to be done? Deakin University’s <a href="https://cybercentre.org.au/" target="_blank" rel="noopener">Centre for Cyber Security Research and Innovation</a> has been working with insurance companies to understand what must be done to improve premium and risks models pertaining to cyber insurance. Here is what we have found so far. First, greater transparency is needed around cyber-related incidents and insurance to help remedy the lack of data and information sharing. The federal government has taken two steps in the right direction on this. One is the <a href="https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0" target="_blank" rel="noopener">Consumer Data Right</a>, which provides guidelines on how service providers must share data about customers. This came into effect in mid-2021. The other is the government’s proposal to amend <a href="https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6940" target="_blank" rel="noopener">privacy legislation</a> to increase penalties for breaches and give the Privacy Commissioner new powers. Second, insurers must find better ways to measure the financial value and worth of the data that organisations hold. The primary asset covered by cyber insurance is the data itself. But there is no concrete measure of how that data is worth. The recent Optus and Medibank Private data breaches provide clear examples. The Optus event affected millions more people than the Medibank Private hack, but the Medibank Private data includes <a href="https://www.afr.com/technology/privacy-fallout-from-medibank-hack-will-be-widespread-20221023-p5bs75" target="_blank" rel="noopener">sensitive medical data</a> that, in principle, is worth far more than data regarding just your personal identity. Without an accurate way to measure the financial value of data, it is difficult to determine the appropriate premium costs and coverage. Cyber insurance is a new, specialised market with significant uncertainty. Given the ever-increasing risks to individuals, organisations and society, it is imperative that insurers develop robust and reliable risk-based models as soon as possible. This will require a consolidated effort between cyber-security experts, accountants and actuaries, insurance professionals and policymakers.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/193533/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /> Writen by Jongkil Jay Jeong and Robin Doss. Republished with permission from <a href="https://theconversation.com/just-25-of-businesses-are-insured-against-cyber-attacks-heres-why-193533" target="_blank" rel="noopener">The Conversation</a>. Image: Getty Images

Money & Banking

“So tone deaf”: Karl loses it over Medibank bosses' massive bonuses

Karl Stefanovic has slammed the top bosses at Medibank after it has been revealed they will be taking home millions in bonuses amid the company’s cyber attack crisis. While ten million of Medibank’s customers are learning whether their personal data has made it onto the dark web - and fork out cash to keep themselves safe - bosses will still be collecting a total of $7.3 million in bonuses. Joel Andrews, one customer whose data has been stolen, told Today that “it’s disgusting” that bosses aren’t willing to give up their bonuses despite affected customers facing financial losses. “I’m furious,” Andrews said. “To think that it’s taken them a month to get this information out to us and say what’s been released, I understand it takes time to find these things out but it’s taken them that long. “They promised early on that they would act quickly because it’s such a time-sensitive issue, and it feels like they have just left it up to them, on their timing.” “I mean you’ve got the Medicare boss getting $1.5 million in bonuses last financial year,” co-host Ally Langdon said. “He also receives 150 percent of his fixed salary in shares … it’s pretty tone deaf, isn’t it?” “It’s disgusting,” Andrews replied. "To think that all of the customers out there, ten million customers, if each of them have to pay for their own software to do data protection, losses to them are around $100 each,. "That's a significant loss to each person and they are not willing to give up their bonuses." Stefanovic, who found out he was also a victim of the attack just two days ago, said he had “no sympathy” for the company as it faces declining share prices and hefty costs as a result of the attack and agreed the bonuses were “disgusting”. “It’s a failure across the board and they’re giving themselves bonuses,” the Today Show host said. “It’s unbelievable. "This is so tone deaf, it is one of the most tone deaf things I have seen a corporation do in Australia for a long, long time.” The health insurance company has come under fire for how it handled the cyber attack, with customers’ data being leaked onto the dark web after it refused to pay a ransom and affected customers finding out if they’ve been targeted more than a month later. As the Australian Federal Police continue their investigation into the attack, they have promised to take swift action against anyone who accesses the private data shared on the dark web. Affected customers who aren’t happy with Medicare’s actions or its handling of the situation have also begun proceedings to file a lawsuit against the company. Image: The Today Show

Money & Banking

What is ransomware and how is it dealt with?

<div> <div class="copy"> <h3>What is ransomware?</h3> Ransomware is a type of malicious software – AKA malware – that infects and takes control of a device. It blocks access to files or even whole devices, and then sends a message demanding a ransom to grant access to those files. This is a common form of cybercrime that has recently affected <a rel="noreferrer noopener" href="https://www.afr.com/policy/health-and-education/unisa-cyber-attack-hits-staff-email-20210519-p57td5" target="_blank">universities</a>, <a rel="noreferrer noopener" href="https://www.stuff.co.nz/national/health/125294482/cyber-attack-waikato-dhb-counting-ransomware-cost-but-it-remains-to-be-tallied" target="_blank">hospitals</a> and <a rel="noreferrer noopener" href="https://www.abc.net.au/news/2021-06-02/fbi-investigating-jbs-meatworks-ransomwear-cyber-attack/100183376" target="_blank">meatworks</a>. Because it blocks vital data from being accessed, it can <a rel="noreferrer noopener" href="https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/" target="_blank">massively disrupt</a> organisations that use the shared networks and/or the internet – which is, well, everyone at this point. <h3>How does ransomware work?</h3> Malware is infectious software that will download onto a computer, phone or other device. It can be shared though phishing emails, links in messages or other online locations, or fake download buttons. Sometimes it can be difficult to tell whether a link or button is malicious in the first place. When the fake link is clicked, the malware automatically downloads and then hunts through the system or network to identify important data. The software can lock the device or files with a new password, or encrypt files with a secret key, preventing access. This can be exacerbated because malware can be accompanied by social-engineering tools that trick you into granting admin access, or it can exploit security holes to dive into the important files and software on the computer without even needing to get ‘permission’. There are <a rel="noreferrer noopener" href="https://resources.infosecinstitute.com/topic/a-brief-summary-of-encryption-method-used-in-widespread-ransomware/#gref" target="_blank">many ways of encrypting files</a>, but the point is to prevent user access with computer algorithms. Without an up-to-date backup, this data is essentially lost. The user will then often see a ransom note in the form of a message demanding (usually) money to lift the password or encryption. Of course, paying the ransom doesn’t mean the cyber-criminal will actually lift the encryption, and if you have paid up once, there is incentive for the criminal to do it again. <iframe title="vimeo-player" src="https://player.vimeo.com/video/497805836" allowfullscreen="" width="640" height="360" frameborder="0"></iframe> Credit: cyber.gov.au The real kicker here is that the infectious software can gain access to a whole network of connected devices, even if it has been downloaded on just one computer – which means businesses that have shared data can be completely prevented for accessing anything, including saved files, emails and user profiles. There is no simple explanation of how the programming works – it is complex software engineering that can be continuously updated, and there are <a rel="noreferrer noopener" href="https://www.unitrends.com/solutions/ransomware-education" target="_blank">different examples</a> that can be spread and downloaded in ways the suit the attacker. <h3>What does ransomware look like?</h3> Because malware can pop up in almost anywhere, it is often hard to identify. A lot of ransomware is designed to look like something real, such as a casual email attachment, something shared via social media, or a website that looks almost like a real website you wanted to visit, but has a few different letters in the URL. in one sneaky approach, the attacker can even pretend to be somebody from law enforcement who is “stopping another cybercrime” that they accuse you of, and then demand a fine from you – but there are easier ways to get access to a device. The main thing to remember is that a lot of phishing can be prevented by not clicking suspicious links. Just a little life hack on how not to get hacked. <iframe src="https://giphy.com/embed/MM0Jrc8BHKx3y" width="480" height="270" frameborder="0" class="giphy-embed" allowfullscreen=""></iframe> <a rel="noopener" href="https://giphy.com/gifs/hacker-MM0Jrc8BHKx3y" target="_blank">via GIPHY</a> <h3>Who is committing ransomware cybercrimes?</h3> More seriously, this in an increasingly big business – between ransoms paid, loss of data and downtime, costs of recovery, and other security and investigations, ransomware attacks cost the world <a rel="noreferrer noopener" href="https://cybersecurityventures.com/ransomware-damage-report-2017-part-2/" target="_blank">$5 billion in 2017</a>. Cybercriminals are often individuals or work in teams or networks, but there are also <a rel="noreferrer noopener" href="https://cosmosmagazine.com/people/society/cybercrime-can-be-a-tough-game/" target="_blank">crimeware-as-a-service</a> groups that essentially operate as a business. <h3>What cybersecurity measures need to be in place?</h3> Technology develops so quickly that defenders and attackers can get stuck in an arms race, so cybersecurity and trained professionals are <a rel="noreferrer noopener" href="https://cosmosmagazine.com/technology/ai/cosmos-briefing-intelligent-manufacturing/" target="_blank">absolutely essential</a> to an online world, especially as we begin to incorporate more AI and machine learning into our manufacturing. Once ransomware is in a network, it’s extremely hard to remove. <div class="twitter-tweet twitter-tweet-rendered" style="display: flex; max-width: 550px; width: 100%; margin-top: 10px; margin-bottom: 10px;"><iframe id="twitter-widget-0" scrolling="no" frameborder="0" allowtransparency="true" allowfullscreen="true" class="" style="position: static; visibility: visible; width: 551px; height: 389px; display: block; flex-grow: 1;" title="Twitter Tweet" src="https://platform.twitter.com/embed/Tweet.html?creatorScreenName=CosmosMagazine&dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1399844326855880704&lang=en&origin=https%3A%2F%2Fcosmosmagazine.com%2Ftechnology%2Fwhat-is-ransomware-and-how-is-it-dealt-with%2F&sessionId=1edacffebc49fba152bed8435892b99ad3545164&siteScreenName=CosmosMagazine&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px" data-tweet-id="1399844326855880704"></iframe></div> First and foremost, keep backups. If all your files get encrypted but you have another offline backup, it’s simple to restore your data. Always keep your malware security up to date. Attackers obviously try to get around this security, but it is a whole lot better than having none at all. Many companies test their systems with <a rel="noreferrer noopener" href="https://us.norton.com/internetsecurity-emerging-threats-what-is-the-difference-between-black-white-and-grey-hat-hackers.html" target="_blank">white hat hackers</a>, who attempt to hack their systems to recognise – and fix – the security flaws. Teaching people to recognise <a rel="noreferrer noopener" href="https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams" target="_blank">phishing emails</a> and be cautious about suspicious sites and links is also necessary, but it can only go so far, because phishing material is constantly being ‘improved’ to blend in better. Don’t click on links or open attachments if you don’t know the sender of the email. A lot of these emails suggest you need to make a payment, have breached some sort of contract, or pretend to have blocked access to an account. Because ransomware secretly searches your device, there can be a delay between when a link is clicked and when files are encrypted. There is a rise in predictive analytics and machine learning to help detect this suspicious behaviour and shut it down early. And finally, if you do get attacked, <a rel="noreferrer noopener" href="https://www.cyber.gov.au/ransomware#:~:text=Ransomware%20is%20a%20type%20of,to%20get%20back%20your%20access." target="_blank">don’t pay up</a>, because it’s likely to make you seem like an easy target in the future. <h2>Q&A with a cybersecurity expert</h2> We asked Diep Ngyuen, Senior Lecturer in the Faculty of Engineering and Information Technology at UTS, for a little more depth. This is what they said <h3>How can a cyber-attack effect a whole network?</h3> Cyber attacks target either to bring down networks/systems (make them malfunction) or to compromise the information access authority or integrity. Although the former is often closer and easier to understand to most people, the latter is more popular and the major target of most daily life cyber attacks. For example, DoS (Denial-of-Service) attacks can make a network or service inaccessible for some time, disrupting corporates’ functioning or business. These types of attacks can be easily detected. However, cybercrimes often target high-value information and attempt to illegally access it or even alter the information. The information authority or integrity attacks are more difficult to be detected but their consequences can be very damaging, even much worse than the DoS attacks. <h3>What are some common cybersecurity precautions?</h3> To prevent or reduce risks from cyber attacks, IT core engineers/experts and daily users can take different approaches. However, these approaches all aim to early detect cyber threats, then effectively protect or cure the systems when the attacks really happen. One of the most common precautions [is] to avoid using services/websites, apps, hardware from non-certified or low-reputation sources/providers. These systems often have back doors or vulnerable loopholes that can be leveraged by cybercrimes. The second precaution would be to update and follow security recommendations from governments and experts, e.g., using multi-factor authentication methods, not to share or be cautious on sharing personal/private information like Date of Birth, photos, [etc] on open platforms (even social media). The last, but not least, is to become more aware of cyber threats/risks before deciding to take any action (e.g., do you understand the risk of using Apple pay or using activity trackers?). <h3>How has cyber security changed over the last decade?</h3> Cyber security landscape has been changing dramatically over the last 10 years. This is because of the penetration of IT to every corner of our daily life, from working, entertaining, to sleeping. This is also because of the ever-growing advances in attacks and their countermeasures. In comparison with 10 years ago, the number of connecting devices today has been increased by multiple times.On average, each person now would have more than a few connecting devices (e.g., phones, activity trackers, laptops, sensors at home). These devices, [while they] bring us lots of conveniences, are making us more vulnerable to cyber threats when they are attacked or compromised. More importantly, most of these newly added devices (e.g., in Internet of Things) are limited in computing and storage capability or referred to as low-end devices in cyber security. They are more susceptible to cyber threats. The advances in machine learning and AI also empower cybercrimes, allowing them to launch larger scale and more damaging attacks. Image credit: Shutterstock  <img id="cosmos-post-tracker" style="opacity: 0; height: 1px!important; width: 1px!important; border: 0!important; position: absolute!important; z-index: -1!important;" src="https://syndication.cosmosmagazine.com/?id=154123&title=What+is+ransomware+and+how+is+it+dealt+with%3F" alt="" width="1" height="1" />  </div> <div id="contributors"> This article was originally published on <a rel="noopener" href="https://cosmosmagazine.com/technology/what-is-ransomware-and-how-is-it-dealt-with/" target="_blank">cosmosmagazine.com</a> and was written by Deborah Devis. </div> </div>

Technology

Nine Network hit with major cyber attack

The Nine Network is at the centre of the largest cyber attack on a media company in Australia's history, which has brought the network's news production systems around the country to a grinding halt for over 24 hours. Television and digital production systems have been offline since the early hours of yesterday morning. The site, <a rel="noopener" href="http://9news.com.au/" target="_blank">9news.com.au</a> has also been affected. The Today show aired this morning. The attack is currently being investigated and it's unclear whether it was criminal sabotage or the work of a foreign nation. It has been described as a sophisticated and calculated attack and has caused major disruptions. Nine has revealed that they will have a contingency plan set up in case anything like this occurs again. It is working alongside the Australian Cyber Security Centre in order to resolve the issue, but there are concerns it took weeks for it to go back o normal. In an email yesterday, Nine Entertainment's People & Culture Director Vanessa Morley instructed all employees to work from home indefinitely as the company deals with the cyber attack. "Our IT teams are working around the clock to fully restore our systems, which have primarily affected our Broadcast and Corporate business units. Publishing and Radio systems continue to be operational." While cyberattacks are common occurrence, one on this scale is unprecedented. "There are about 30 cyber gangs working in Russia and they do about $2 billion worth of business every year from these type of attacks," cyber security expert Paul Twomey told 9News. Treasurer Josh Frydenberg refused to be drawn on who could be behind such an attack, but said the threat is 'very real'. "We are as a government investing record amounts of money in ensuring that not only government systems are equipped to deal with this cyber threat but that we're working with the business community and the private sector more generally to ensure that their systems are best in class. Because this threat is not going away," he told Today. "Whether it's other governments or whether it's criminal organisations, cyber security is the new battle front. "It's the new front line. It's where there is a war every single day."

News

How your grandkids can beat cybersecurity challenges head on

How well are we preparing the typical primary school kid for life when they graduate in 2032? Current attitudes to education around cybersecurity and online safety skew towards caution at all costs. We often <a href="https://www.education.vic.gov.au/about/programs/bullystoppers/Pages/princyber.aspx">focus on schools’ duty of care</a> rather than fostering skills and <a href="https://doi.org/10.14264/uql.2018.865">frameworks of digital ethics</a> which empower students. There is a danger we are letting kids down with a fear-driven mentality instead of engaging their challenges head on. Both parents and teachers can help kids in this capacity: let’s take a look at how (tips below). Fear can be a barrier We educational technologists often have cybersecurity discussions with students, parents and teachers with digital fluency levels ranging from expert to little-to-no knowledge. As parents and teachers we can understandably be fearful of the role of technology in kids’ lives, however this can sometimes be a barrier to student learning. Around six years ago, Wooranna Park Primary School in Victoria, Australia introduced new technologies that had an immediate positive influence on student outcomes. Yet some drew negative feedback from parents, due mainly to misconceptions and fear of the unknown. Communication is vital Sandbox video game Minecraft is a powerful tool for collaborative learning. It provides an infinite 3D space where students collaboratively learn just about anything you can think of: from numeracy and literacy, to 3D printing, coding, science, financial literacy and art. Many schools use Minecraft now. Yet it was met with a lot of trepidation from parents when first introduced as a learning tool at the school. One parent had specific fears about Minecraft (“isn’t it about murdering babies or something?”), taking these directly to the principal, who took the time to share the benefits and provide detailed information. This particular parent now plays Minecraft with their children. Likewise when YouTube was first allowed within the school, some parents and even staff were worried about it. However as a video sharing service where people can watch, like, share, comment and upload videos, it is now a core technology supporting self-directed learning. Today the school would feel like it was coming to a standstill without it. The pedagogic context is the key here — and it wasn’t until learning engagement data was communicated to the school community that overall negative opinion changed to a positive one. Now students aren’t just consuming content from YouTube, they are uploading their own work and sharing it with their parents. Personal responsibility, healthy conversations Minecraft and YouTube are examples of Web 2.0 technologies. We are now transitioning into the age of <a href="https://www.techopedia.com/definition/4923/web-30">Web 3.0 </a> – the decentralised web, where personal responsibility is paramount. We’re at the cusp of the widespread adoption of a whole range of disruptive technologies that work less like curated gardens and more like ecosystems. These are based on new core technologies like blockchain and the distributed web (also known as Interplanetary File System, or <a href="https://ipfs.io/">IPFS</a>). These approaches effectively eschew the “platform”, and allow users to connect directly with each other to communicate, create and transact. These will benefit students in the long term, but will inevitably draw alarm due to misunderstanding in the short term. The way we can get ahead of this as a community is by introducing a culture of having healthy conversations at home and in school much more often. Start them young It is almost never too early to start teaching kids about cybersecurity. Students at Wooranna Park Primary School as young as five and six are learning about cutting edge technologies such as IPFS, cryptography, blockchain, virtual and augmented reality (VR/AR), robotics and artificial intelligence (AI). The kids learn these topics within the context of active inquiry, giving them choices about the software and devices they use in order to empower them as technology-enhanced learners. A <a href="https://doi.org/10.14264/uql.2018.865">recent study</a> of 1:1 classroom projects by researcher Theresa Ashford found a strongly regulatory culture in education focused on “filtering and monitoring”. This failed to instil a critically important framework of digital ethics, with students quickly finding ways to navigate around barriers. We can avoid this by not being fearful of technology use by children, but instead helping them navigate through the complexities. Tips on how to talk to your children about cybersecurity <ul> <li> talk to them about what they are doing online, what websites they visit, and what apps and online services they are using </li> <li> sit with them while they use technology and observe, then discuss what they think about and how they feel </li> <li> ask whether they think what they see online is always true, and how they would know if something wasn’t real </li> <li> encourage critical thinking and credibility evaluation skills (what Howard Rheingold calls “<a href="https://www.youtube.com/watch?v=AHVvGELuEqM&feature=youtu.be">crap detection</a>”) as well as ethical engagement by talking through specific examples </li> <li> provide clear ways that kids can check primary sources, such as looking for credible primary sources (not just depending on the Wikipedia entries, but reading the primary sources linked by them) </li> <li> encourage kids to protect their personal data, and explain that when you put something online it will most likely be there forever </li> <li> brainstorm with them about possible online pitfalls, like bullying, scams, targeted advertising, child exploitation and identity theft </li> <li> commit to learning alongside your kids about the online worlds they inhabit. </li> </ul> Terms to search and explore with your child <ul> <li>password strength – the measure of the effectiveness of a password against attackers</li> <li>two-factor (or two-step) authentication (2FA) is a method of confirming a user’s claimed identity by utilising something they know like a password, with a second verification like an SMS or verification app</li> <li>encryption – the translation of data into a secret code instead of “plain text”</li> <li>blockchain – a distributed ledger technology that records transactions using many computers</li> <li>cyberbullying – the use of services such as text messages or social media to bully a person</li> <li>SSL – the “s” at the end of https:// when you visit a website, which means you can generally trust the site to transport your personal information in an end-to-end encrypted format</li> <li>virtual private network (VPN) ensures a safe and encrypted connection over a less secure network</li> <li>virus and malware – software written expressly to infect and harm computer networks and devices</li> <li>IPFS – interplanetary file system, the decentralised web</li> <li>peepeth – blockchain-powered, decentralised social network</li> <li>hardware wallets – a device that stores the public and private keys which can be used to secure cryptocurrencies, and can also act as a means of two factor authentication.</li> </ul> Security tools to explore with your child <ul> <li><a href="https://haveibeenpwned.com/">haveibeenpwned.com</a> – check if you have an account that has been compromised in a data breach</li> <li><a href="https://beinternetawesome.withgoogle.com/en_us/interland">interland</a> – embark on a quest to become a confident explorer of the online world</li> <li><a href="https://myaccount.google.com/security-checkup">Google security check</a> – evaluate your security within the Google ecosystem</li> <li><a href="https://authy.com/">authy.com</a> – add two-factor authentication to common services</li> <li><a href="https://howsecureismypassword.net/">howsecureismypassword.net</a> – work out how long it would take a computer to crack your password.</li> </ul> <div class="grid-ten large-grid-nine grid-last content-body content entry-content instapaper_body"> This article was written with significant input from Kieran Nolan, a Melbourne-based educational technologist. </div> <div class="grid-ten grid-prepend-two large-grid-nine grid-last content-topics topic-list">Written by Matthew Riddle. Republished with permission of <a href="https://theconversation.com/skills-like-crap-detection-can-help-kids-meet-cybersecurity-challenges-head-on-113915">The Conversation.</a></div>

Technology

7 ways the government can make Australians safer – without compromising online privacy

When it comes to data security, there is an inherent tension between safety and privacy. The government’s job is to balance these priorities with laws that will keep Australians safe, improve the economy and protect personal data from unwarranted surveillance. This is a delicate line to walk. Recent debate has revolved around whether technology companies should be required to help law enforcement agencies gain access to the encrypted messages of suspected criminals. While this is undoubtedly an important issue, the enacted legislation – the Telecommunications and Other Legislation Amendment (Assistance and Access) Act – fails on both fronts. Not only is it unlikely to stop criminals, it could make personal communications between everyday people less secure. Rather than focus on the passage of high-profile legislation that clearly portrays a misunderstanding of the technology in question, the government would do better to invest in a comprehensive cyber security strategy that will actually have an impact. Achieving the goals set out in the strategy we already have would be a good place to start. Poor progress on cyber security The Turnbull government launched Australia’s first <a href="https://cybersecuritystrategy.homeaffairs.gov.au/sites/all/themes/cybersecurity/img/PMC-Cyber-Strategy.pdf">Cyber Security Strategy</a> in April 2016. It promised to dramatically improve the online safety of all Australian families and businesses. In 2017, the government released the <a href="https://cybersecuritystrategy.homeaffairs.gov.au/sites/all/themes/cybersecurity/img/cyber-security-strategy-first-annual-update-2017.pdf">first annual update</a> to report on how well it was doing. On the surface some progress had been made, but a lot of items were incomplete – and the promised linkages to businesses and the community were not working well. Unfortunately, there was never a second update. Prime ministers were toppled, cabinets were reshuffled and it appears the Morrison government lost interest in truly protecting Australians. So, where did it all go wrong? A steady erosion of privacy Few Australians paid much notice when vested interests hijacked technology law reforms. The amendment of the Copyright Act in 2015 forced internet service providers (ISPs) to block access to sites containing pirated content. Movie studios now had their own version of China’s “Great Firewall” to block and control internet content in Australia. In 2017, the government implemented its data retention laws, which effectively enabled specific government agencies to spy on law-abiding citizens. The digital trail (metadata) people left through phone calls, SMS messages, emails and internet activity was retained by telecommunications carriers and made accessible to law enforcement. The public was assured only limited agencies would have access to the data to hunt for terrorists. In 2018, we learned that many <a href="https://www.abc.net.au/news/2018-10-19/authority-creep-has-more-agencies-accessing-your-metadata/10398348">more agencies were accessing the data</a> than originally promised. Enter the Assistance and Access legislation. Australia’s technology sector strongly objected to the bill, but the Morrison government’s consultation process was a whitewash. The government ignored advice on the damage the legislation would do to the developing cyber sector outlined in the Cyber Security Strategy – the very sector the Turnbull government had been counting on to help rebuild the economy in this hyper-connected digital world. While the government focuses on the hunt for terrorists, it neglects the thousands of Australians who fall victim each year to international cybercrime syndicates and foreign governments. Australians lose money to cybercrime via scam emails and phone calls designed to harvest passwords, banking credentials and other personal information. Losses from some categories of cybercrime have <a href="https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=29&date=2018">increased by more than 70%</a> in the last 12 months. The impact of cybercrime on Australian business and individuals is estimated at $7 billion a year. So, where should government focus its attention? Seven actions that would make Australia safer If the next government is serious about protecting Australian businesses and families, here are seven concrete actions it should take immediately upon taking office. 1. Review the Cyber Security Strategy Work with industry associations, the business and financial sectors, telecommunication providers, cyber startups, state government agencies and all levels of the education sector to develop a plan to protect Australians and businesses. The plan must be comprehensive, collaborative and, most importantly, inclusive. It should be adopted at the federal level and by states and territories. 2. Make Australians a harder target for cybercriminals The United Kingdom’s <a href="https://www.ncsc.gov.uk/">National Cyber Security Centre</a> is implementing technical and process controls that help people in the UK fight cybercrime in smart, innovative ways. The UK’s <a href="https://www.ncsc.gov.uk/active-cyber-defence">Active Cyber Defence</a> program uses top-secret intelligence to prevent cyber attacks and to detect and block malicious email campaigns used by scammers. It also investigates how people actually use technology, with the aim of implementing behavioural change programs to improve public safety. 3. Create a community education campaign A comprehensive community education program would improve online behaviours and make businesses and families safer. We had the iconic <a href="http://www.sunsmart.com.au/tools/videos/past-tv-campaigns/slip-slop-slap-original-sunsmart-campaign.html">Slip! Slop! Slap! campaign</a> from 1981 to help reduce skin cancer through community education. Where is the equivalent campaign for cyber safety to nudge behavioural change in the community at all levels from kids through to adults? 4. Improve cyber safety education in schools Build digital literacy into education from primary through to tertiary level so that young Australians understand the consequences of their online behaviours. For example, they should know the risks of sharing personal details and nude selfies online. 5. Streamline industry certifications Encourage the adoption of existing industry certifications, and stop special interest groups from introducing more. There are already more than 100 industry certifications. Minimum standards for government staff should be defined, including for managers, technologists and software developers. The United States Defence Department introduced minimum industry certification for people in government who handle data. The Australian government should do the same by picking a number of vendor-agnostic certifications as mandatory in each job category. 6. Work with small and medium businesses The existing cyber strategy doesn’t do enough to engage with the business sector. Small and medium businesses form a critical part of the larger business supply-chain ecosystem, so the ramifications of a breach could be far-reaching. The Australian Signals Directorate recommends businesses follow “<a href="https://www.acsc.gov.au/publications/protect/essential-eight-explained.htm">The Essential Eight</a>” – a list of strategies businesses can adopt to reduce their risk of cyber attack. This is good advice, but it doesn’t address the human side of exploitation, called social engineering, which tricks people into disclosing passwords that protect sensitive or confidential information. 7. Focus on health, legal and tertiary education sectors The health, legal and tertiary education sectors have a low level of cyber maturity. These are among the top four sectors reporting breaches, according to the <a href="https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/">Office of the Australian Information Commissioner</a>. While health sector breaches could lead to personal harm and blackmail, breaches in the legal sector could result in the disclosure of time-sensitive business transactions and personal details. And the tertiary education sector – a powerhouse of intellectual research – is ripe for foreign governments to steal the knowledge underpinning Australia’s future technologies. A single person doing the wrong thing and making a mistake can cause a major security breach. More than <a href="https://www.aihw.gov.au/reports-data/health-welfare-services/workforce/overview">900,000 people</a> are employed in the Australian health and welfare sector, and the chance of one of these people making a mistake is unfortunately very high. Written by Damien Manuel. Republished with permission of <a href="https://theconversation.com/seven-ways-the-government-can-make-australians-safer-without-compromising-online-privacy-111091">The Conversation.</a>

Technology

Are you too smart to fall for an online scam? Take this quiz

Millions of people fall for scam emails every day. To respond to this problem, Google has launched a new quiz to test your ability to identify phishing emails. Phishing – or attempts to steal your sensitive information such as passwords, account numbers and credit cards – is “the most common form of cyberattack”, according to Google’s Jigsaw product manager Justin Henck. “One percent of emails sent today are phishing attempts.” To raise awareness about phishing and cyber security, Google’s technology incubator Jigsaw created the quiz with the help of about 10,000 journalists, activists and political leaders across the world. The questions were designed to teach people to spot the techniques that hackers use to trick them as well as the telltale signs of phishing emails. <img style="width: 500px; height: 210.9375px;" src="https://oversixtydev.blob.core.windows.net/media/7822956/jigsawgoogle.png" alt="" data-udi="umb://media/a8fc76888e0c46a2b25768e69c87b13a" /> Below are the tips that the quiz shares: <ul> <li>Be cautious about attachments and hyperlinks, including URLs designed to look like popular websites, which may send you to fraudulent login pages.</li> <li>Read the sender’s email domain carefully to make sure the email comes from a legitimate/official source.</li> <li>When opening PDF attachments, make sure you trust the sender and use a browser or an online service to open them safely.</li> <li>Approve account access requests only if you trust the developer. You can check this by evaluating the domain that is displayed and clicking on it for more details.</li> </ul> Apart from knowing the signs, Henck also recommended enabling two-step verification on your account. “When you have two-factor authentication enabled, even if an attacker successfully steals your password, they won’t be able to access your account,” said Henck. Take the quiz <a rel="noopener" href="https://phishingquiz.withgoogle.com/" target="_blank">here</a>. Have you been the victim of any email scams? Share your story in the comments.

Technology

MasterChef star homeless after hackers steal $250K in scam

Former MasterChef Australia star Dani Venn has been caught up in an online hacking scam that has cost her and her family $250,000. The cyber-attack has left Dani, her husband Chris and their two young children homeless. Appearing on MasterChef in 2011 where she came fourth in the reality TV series, Dani and Chris’s life savings were wiped out after an online conveyancing giant was linked to a hacking scam. Apparently, Dani and her family were warned twice about the security fears in the weeks leading up to the cyber-attack, which resulted in their funds being stolen. <img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819434/1-dani_498x280.jpg" alt="1 Dani"/> The substantial lump sum that was sitting in their bank account was proceeds from the sale of their old home. But after the $250,000 was stolen, it meant they could not settle on their new property. “This is our life savings here,” an emotional Dani told <a href="https://www.9news.com.au/national/2018/06/26/19/40/masterchef-contestant-dani-venn-home-sale-hack-pexa">A Current Affair</a>. “We’ve got two small children, a four-and-a-half-month old and a three-and-a-half-year-old,” she continued. “You just can’t do this to people.” Since the hackers wiped out their account, Dani and the couple’s two kids have had to move in with her mother. Her husband Chris has been forced to live in a caravan. <img width="498" height="280" src="https://oversixtydev.blob.core.windows.net/media/7819435/4-dani_498x280.jpg" alt="4 Dani"/> Meanwhile, because the couple missed the settlement on their new home, they are being charged $500 a day in contractual penalties. They are at risk of losing the property and their deposit if they don’t come up with the $120,000 needed to finalise the purchase. “It’s scary because it could happen to anyone buying or selling a property,” Dani explained. PEXA (Property Exchange Australia) is the online platform that Dani and Chris’s conveyancers used to settle the real estate purchase when the proceedings were compromised by hackers. The conveyancing company was unaware the hackers created a fake username under their PEXA account. In the meantime, the Commonwealth bank has managed to freeze $138,000 of the stolen funds, however, $110,000 is still missing and not recoverable. <iframe src="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2FACurrentAffair9%2Fvideos%2F1595163487256689%2F&show_text=0&width=560" width="560" height="315" style="border: none; overflow: hidden;" scrolling="no" frameborder="0" allowtransparency="true" allowfullscreen="true"></iframe> A Current Affair said they repeatedly requested PEXA for an on-camera interview and sent close to 20 questions for them to respond to, but all requests were ignored. However, PEXA’s Acting CEO James Ruddock said in a statement to ACA that their system is safe, and the loan offer still stands. “PEXA provides a platform to conduct property settlements. Like the paper process, individual conveyancers are responsible for conducting the settlement process accurately,” Mr Ruddock stated. “Ms Venn’s funds were misdirected when her conveyancer approved bank account details that were incorrect by using their digital key and password to authorise the settlement of the transaction through the PEXA system.” Dani’s scam follows two other incidents where one client lost more than $1 million during the settlement process, while another lost close to $700,000.

Legal

Why password sharing is becoming more common

You'd forgive me for being perturbed when I recently noticed someone accessing their partner's smartphone using their fingerprint. Knowing your loved one's passcode for reasons of occasional access to their phone – say, when they are driving – is one thing. Having your fingerprint pre-loaded on their phone so it can be scanned for instant access? That tells me you're either way too close, or don't have enough trust in each other. Yet the sharing of passwords is common in most households. A Pew Research study found that 67 per cent of couples in committed relationships have shared passwords. Sharing passwords and other login details on everything from social media to streaming services makes sense for a lot of couples. It's probably out of convenience: sometimes your partner will ask you to log on to their computer and find an email, others you might want to buy and stream a movie on Google Play and you only have one account between you. The reality of password sharing is that 95 per cent of us share up to six passwords with others, according to password management service LastPass. The most commonly shared passwords are for wi-fi networks (58 per cent), followed closely by TV/film streaming accounts (48 per cent), financial accounts like online banking (43 per cent), and e-mail addresses (39 per cent). Who's doing this password sharing? Time magazine data says it matters little what age you are. Sixty-four percent of 18-29-year-olds share passwords, compared with 70 per cent of 30-49-year-olds, 66 per cent of 50-64-year-olds, and 69 per cent of people 65-plus. From an interpersonal point of view, the sharing of passwords likely means you have nothing to hide, and that's usually a good thing. From a privacy and security perspective, it also means you're ignoring a lot of risks. While 74 per cent of passwords are shared verbally, 15 per cent are shared by pen and paper, 5.8 per cent by text, and 4.4 per cent by e-mail. Only two per cent are shared using secure password sharing services. What's more, although 73 per cent of people agree that password sharing is risky, that same 73 per cent are unlikely to change a password after sharing it with someone. That's extremely problematic when it comes to the kind of data that is available over one's wi-fi network or financial accounts, and even more so because 59 per cent of people re-use their passwords across different online accounts. That means, giving somebody your Netflix password could likely mean you've given them your Twitter login and iTunes password, too. When it comes to sharing passwords amongst people who don't live in the same households, Reuters/Ipsos research suggests not many of us do it, but it does happen. Just 12 per cent of adults overall password-share for TV/film streaming services in this way, although 24 per cent of young people 18-24 do it. In the fine print of most tech companies' terms and conditions, there's often a stipulation that you're agreeing that only you will use that account. But this is something there's no policing on, and many services allow multiple access from different locations at one time without issues. From a personal perspective, there's only one area in my life where I share passwords - paywalled news sites. I have a group of about five friends and all of us subscribe to a different international outlet (they're usually around $10-15 a month), so we're all getting a "pay for one, get access to five" ad-hoc deal. Rationally, none of us would subscribe to all services and pay over $50 a month for our online news. At least we're paying something for quality journalism, we argue, and we are still being served up advertising on paywalled sites and aren't getting a completely free ride. The method we do this is theoretically the safest way to share passwords, if there is such a thing, and – if you're going to share any kind of them – how I'd advise you do proceed. We create a unique password for every service that does not feature elsewhere in anybody's digital lives. It's for that service, and that one only. Passwords are shared only in person, not via digital communication, and changed regularly. If we were to really take security seriously, though, we all acknowledge that what we're doing still counts as unsafe online behaviour and we shouldn't be doing it at all. Do you share passwords with your loved ones? Written by Lee Suckling. First appeared on <a href="http://Stuff.co.nz" target="_blank">Stuff.co.nz</a>.

Technology

The dangerous new email scam targeting Australia Post customers

Online shopping has never been more popular, and as such, it’s not uncommon for Aussie consumers to miss a package delivery every now and then. Unfortunately, scammers know this too, and they’re using it to exploit innocent Australia Post customers. Queensland Police are warning Aussies to keep their eyes open for a “missed delivery” email scam that’s currently going around. The email, which claims to be from Australia Post and alerting customers of a missed delivery, asks the recipient to click on a link to arrange a redelivery. “Unfortunately you have missed us!” it reads. “Our mail carrier tried to deliver a package to you. Unfortunately, no one was present to receive the package. Choose when and where you want to receive your package. You will see the options for changing the delivery on the next page. There is one item awaiting collection. Please find here on [sic] how and where to collect your item.” <img width="600" height="387" src="https://oversixtydev.blob.core.windows.net/media/7815715/capture33.jpg" alt="Capture 33" style="display: block; margin-left: auto; margin-right: auto;"/> Image credit: Queensland Police. According to the Queensland Police, the email “contains malicious software (malware) which is then loaded onto your computer”. “Please be aware that Australia Post will never ... ask you to click on an email link to print off a label to redeem your package, email or call you to ask for personal or financial information including password, credit card details or account information, [or] call or email you out of the blue to request payment. “If you receive any suspicious emails, please ... delete them immediately, [and] do not click on any links or attachments.”

Technology

Are you guilty of this online banking mistake?

When you’re out and about only to realise you’ve run out of mobile data, finding a free public Wi-Fi hotspot can feel like a godsend. But cyber security experts are warning that the 51 per cent of Australians who do this (according to a <a href="https://www.symantec.com/content/dam/symantec/docs/reports/2017-norton-wifi-risk-report-global-results-summary-en.pdf" target="_blank">Norton survey</a>) are putting their bank details at risk. Why? Because cyber criminals can easily set up these legitimate-looking public hotspots, then use them to intercept whatever websites you browse – including your private details. This is a particularly serious issue for Australians who use public networks while at the shops, library, airport or cafes to login to their online banking. Each time you enter your username and password, you could be giving hackers exactly what they’re looking for. “It’s very profitable for criminals to gather your valuable details,” cyber security expert Ryan Kalember from Proofpoint told <a href="http://www.news.com.au/technology/online/security/half-of-australians-using-public-wifi-taking-are-taking-huge-risks/news-story/2aa3b858b326077b6d449dae8fc9c46b" target="_blank">news.com.au</a>. “You just shouldn’t be looking at your bank account on a public Wi-Fi, particularly if you’re re-entering your password. “In public Wi-Fi at airports, most people are posting the SSID, the name of their legitimate wireless network, which is usually what you’re able to connect to. If you’re on a smartphone, you’ll usually see the words ‘security recommendations’ below the wireless network, which is known to be trusted. “But it’s not impossible for an attacker to use a fake network via a device known as a ‘pineapple’.” And if these attackers manage to get their hands on your sensitive information, they can use it to steal your money or sell your details on the dark web. The moral of the story? Don’t automatically assume every Wi-Fi hotspot out there is secure. “Usually the most secure networks are those with no password, but a Captive Login Portal that appears once you click on the network. Remember, anything you wouldn’t want somebody else to see (such as your online banking password) you shouldn’t put on public Wi-Fi.”

Technology

Experts reveal how to avoid scammers online

Time after time we hear about the latest highly-sophisticated cyber scams, and some of them are now so realistic, it’s hard to tell a scam from the real thing. Everything from <a href="/finance/money-banking/2017/03/commonwealth-bank-customers-warned-about-latest-scam-email/" target="_blank">our banks</a> to <a href="/finance/money-banking/2017/06/new-energyaustralia-email-scam/" target="_blank">our energy bills</a> are being targeted – <a href="/finance/money-banking/2017/01/scammers-targeting-paypal-users/" target="_blank">not even PayPal is safe</a>. As a matter of fact, in 2016, Aussies lost over $300 million to scams – <a href="/finance/legal/2017/05/cybercrime-increases-by-30-percent/" target="_blank">up 31 per cent</a> from the previous year. With so many popping up all the time, you might be wondering what you can do to protect yourself online. Thankfully, we’ve got some clever advice to help you stay safe, thanks to Leonie Smith, the Cyber Safety Lady. Speaking to <a href="http://www.news.com.au/finance/money/costs/scammers-are-getting-way-too-clever/news-story/a784579dca686c877203e9a3254ae04e" target="_blank">news.com.au</a>, here are her top tips for avoiding scams. <ol> <li>Check your settings – Every few months, you should reassess your privacy and security settings on every social media platform you use. For Facebook, this simply means navigating to “Settings” and then to “Security and login”. From there, you’ll be able to see where your account is logged in and ramp up your authentication methods. Then, you can go into “Privacy” and adjust the settings so only your nearest and dearest can see your information, what you post or your activity.</li> <li>Keep personal details private – When signing up to new websites, never give all of your personal details (e.g. birth date, phone number, address), as this information is like gold to scammers. Simply use a fake birth date and avoid entering your contact details unless you know you can trust the company or website.</li> <li>Stop clicking – If you receive a website link in an SMS or email from an unrecognised sender, do not click it. You never know where the link might take you. If you ever receive an email purporting to be from your bank or any social media account, which asks you to update your details, do not click the link. Instead, go to the website how you normally would and deal with the issue that way.</li> <li>Banish spam – Constantly being sent spam emails? Your contact details may have been made public by hackers. A quick Google search of your email address or phone number will show you if they’ve been written up online. Otherwise, you can enter your email into <a href="https://haveibeenpwned.com/" target="_blank">this hacking detector</a> which will tell you if any of your online accounts have been breached by hackers.</li> </ol>

News

Massive cyberattack goes global

A massive wave of cyberattacks hit Europe on Tuesday causing widespread havoc on government and business computers, starting in Russia and Ukraine before spreading to the rest of Europe and the world. The cyberattack is <a href="http://www.oversixty.com.au/entertainment/technology/2017/05/first-aussie-businesses-infected-by-global-cyber-attack/">reminiscent of the WannaCry attack in May that affected 150 countries and brought Britain’s NHS down.</a> The virus started in Russia and Ukraine, but quickly spread to Britain, France and Spain. Within hours it had hit India and the US, but Ukraine has been hit hardest with its Central Bank, local transport and Kiev’s Boryspil Airport all affected. The malicious software locks users out of the computer and demands ransom, at $300 in bitcoins, to reinstate access. The attack is expected to hit Australia as businesses wake up this morning. Minister Assisting the Prime Minister on Cyber Security, Dan Tehan, said Australian authorities were "monitoring the situation". "We have been in contact with our Five Eyes partners and the national cyber security centres in those countries to get a good sense as to what is occurring," he told the ABC. The source of the attacks is not currently known. Several multinational companies have been targeted including Russian oil giant Rosneft, British advertising and marketing multinational WPP, French industrial group Saint-Gobain and US pharmaceutical giant Merck. Expert do not know the encrypting program the hackers are using which makes finding a solution difficult. The scale and use of ransomware recalls last month’s massive attack in which hackers, linked to North Korea, disabled computers used in 150 countries by using a flaw in the systems to install ransomware called Wannacry. Cyber security experts say the hackers have exploited the same type of hacking tool but these attacks use a different form of ransomware believed to be virus known as Petrwrap or Petya.

Technology

New EnergyAustralia email scam targeting thousands

Experts are warning Australian consumers to be extra wary when opening emails purporting to be from EnergyAustralia, after cyber security company MailGuard discovered a sophisticated new scam. Victims are being sent realistic-looking bills via email with unique payment amounts and due dates making it difficult to prove as a fake. “Appearing exactly like a real bill from EnergyAustralia, it tells people the invoice is due in the coming days,” says MailGuard CEO Craig McDonald. “The due date and amount owing are randomised so that each recipient gets a unique bill. This is a tactic by the cybercriminals to avoid detection.” <img width="600" height="833" src="https://oversixtydev.blob.core.windows.net/media/38375/image__600x833.jpg" alt="Image_ (361)" style="display: block; margin-left: auto; margin-right: auto;"/> As you can see in the image above, the email has been designed to look exactly like a genuine bill. However, a simple way to tell the bill is a fake is by looking at the email address from which it was sent – noreply@energyagent.net. When victims click on the “View bill” link, they will be taken to a webpage which automatically downloads a .ZIP file containing malicious material. “If you have received this email, you can report it to EnergyAustralia by forwarding the email to <a href="mailto:staysafe@energyaustralia.com.au" target="_blank">staysafe@energyaustralia.com.au</a>,” the real energy provider advises on its <a href="https://www.energyaustralia.com.au/about-us/media/news/new-email-scam" target="_blank">website</a>. “Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else. “Once you’ve sent the hoax email to <a href="mailto:staysafe@energyaustralia.com.au" target="_blank">staysafe@energyaustralia.com.au</a>, delete it from your inbox immediately. Then empty your Deleted Items folder.” To protect yourself from fraudsters, MailGuard recommend following these three tips. <ol start="1"> <li>“Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.</li> <li>“Never open an attachment that is a .ZIP file or .EXE file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.”</li> <li>“Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.”</li> </ol>

Money & Banking

12 cybersecurity tips to keep your computer safe and secure

So it looks as if the CIA could potentially break into most smartphone or computer networks, at least according to the stolen documents released by WikiLeaks last week. Whether you have anything to hide or not, it's a good reminder that in a digital age, keeping your life private requires some work. Here's a list of nine things everyone should be doing already to keep their information relatively confidential, plus four more for the truly paranoid. 1. Don't get phished The most common way the CIA's cyber tools, and hackers for that matter, get into your devices are via phishing emails or texts. These are created to look like they're from a friend or trusted sender (say your bank or a software company) and contain a link they try to trick you into clicking on. Doing so loads software onto your computer, tablet or smartphone that allows the spies, or hackers, in. Once there, they can install any number of programs that allow them to spy on you and steal data. The CIA documents describe programs that can search through emails, contacts, texts and photos and send them from your device without your knowing it. All of this is why you want to be very careful about what emails you open and what links you click. Hackers, and presumably the CIA, are good at creating realistic-looking emails that entice you to click on dangerous links. Double and triple check before you click on links sent via email or texts. When in doubt, don't click on the link but instead go to the actual website it claims to be from. 2. Turn on two-factor authentication This is that annoying step that comes after typing in your password. It sends a code to your smart phone or a landline or sometimes email. You input the code - the second factor in the authentication process - and you're good to go. While it seems like a hassle, it's actually an extremely powerful way to keep anyone but you from getting into your accounts. They'd have to not only have stolen your ID and login but also your phone. You should turn two-factor authentication on for every app, program and device for which it's available. It's a small hoop for you to jump through but an enormous wall for hackers, and would-be spies, to overcome. 3. Use only secure web browsers Look for websites that use the secure version of the web protocol. You can tell by looking at the URL, which should start with HTTPS rather than simply HTTP. It stands for Hypertext Transfer Protocol Secure and keeps malicious third parties from inserting code onto the site. 4. Use strong passwords There are weak passwords and then there are crazy weak passwords. According to a survey by Keeper, which makes password management software, 17 per cent of users have 123456 as their password, followed by 123456789 and qwerty. At least put up a fight! Choose strong passwords or sign up for a password management program that will create them for you. 5. Install a modern operating system Many of the vulnerabilities detailed in the WikiLeaks documents are older and target dated systems. It's entirely possible that the CIA has newer tools for newer programs, but we don't know. What we do know is that the longer an operating system or program is around, the more vulnerabilities in it that are found and exploited. So use the most recent version of whatever operating system you prefer (Microsoft, Apple or Linux generally) and when a new one comes out, don't wait forever to switch. 6. Install security updates and patches When you get a new phone or computer or install a new system, set it up to automatically update with security patches. If there's no automatic update available, check periodically to see if anything new is available. 7. Use a security program There are many out there, from free to ones you pay for. While it's unlikely they'd keep the CIA out of your system, they'll do a good job of keeping run-of-the-mill hackers away, and might make it a little harder for spies to get to you. 8. Use encrypted messaging software There's no evidence the CIA was using the tools described in the WikiLeaks documents to spy on Americans, which would be illegal under U.S. law as the CIA can't operate within the United States. That said, if you really want to keep your life confidential, here are a few more things you can do. Popular programs include Signal, Telegram and WhatsApp. The WikiLeaks documents claimed that the CIA had a program that allowed it to see what users were typing on certain phones running the Android operating system, but they hadn't been able to break the encryption of the programs themselves. 9. Install a camera cover This keeps anyone from being able to surreptitiously turn on your camera and use it to record you. At hacker conferences it's common to see little bits of paper taped over computer cameras, or little plastic sliding covers that allow them to close off the lens when they're not using it. It's a low-tech fix for a high-tech problem. 10. Use a landline Making a call on a land line is more secure than making a call on a cell phone. It also doesn't leave a digital trail as texts or email do. 11. Unplug and turn off your devices For the truly paranoid, the best way to make sure the devices that surround you aren't spying on you is to unplug them or turn them off. 12. Finally, think about what you're giving away for free All of this raises a simple question - how much information do you voluntarily turn over to websites, apps and online services every day? Remember that no is always an option, though it sometimes means foregoing convenience for privacy. Do you think you’ll follow any of these cyber-security tips? Written by Elizabeth Weise. First appeared on <a href="http://www.stuff.co.nz/" target="_blank">Stuff.co.nz</a>.

Technology

Our Partners

Over 60

News

Shop

Catalogues

Newspaper

Contests

Entertainment

Travel

Health

Lifestyle

Finance

Property

Compare

Games

Information

Keep up to date

Search

How to protect yourself from cyber-scammers over the festive period

How household gas leaks affect your home in Adelaide

“Turn your phone off”: The simple reason behind Albanese’s warning

Australia’s approach to cyber security lacks citizen engagement

Just 25% of businesses are insured against cyber attacks. Here’s why

“So tone deaf”: Karl loses it over Medibank bosses' massive bonuses