Tag: phishing

Means of Identity Theft

Scams reported to the ACCC (Australian Competition and Consumer Commission) involving identity theft or the loss of personal/banking information have cost Australians at least $16 million in 2018 year and this figure is likely to be just the tip of the iceberg.

Four in 10 Scamwatch reports to ACCC in 2019 involve attempts to gain information or the actual loss of victims’ information.

“If you think scammers might have gained access to your personal information, even in a scam completely unrelated to your finances, immediately contact your bank,” said ACCC Deputy Chair Delia Rickard.

The most common ways scammers obtain personal or banking information are:

  • phishing emails and text messages which impersonate banks or utility providers seeking your login and password details
  • fake online quizzes and surveys
  • fake job advertisements
  • remote access scams in which the scammer has direct access to everything on your computer
  • sourcing information about you from social media platforms
  • direct requests for scans of your driver’s license or passport, often in the course of a dating and romance scam

“No one is really selling an iPhone for $1 or rewarding the completion of a survey with expensive electronic goods or large gift vouchers. They are scams to get your confidential information,” Ms Rickard said.

With the information, scammers can empty their victim’s bank accounts and take out tens of thousands of dollars in bank loans under victims’ names.

Lost personal information also leaves victims more susceptible to future scams as scammers will use the  information to seem more convincing in cold calls to perpetrate further scams.

If you have any experiences with identity theft do let me know, by email.

Fightback Ninja Signature

The Anti Phishing Club

The website is at http://antiphishing.club/ and twitter handle is @antiphishclub

The Anti-Phishing Club say that their website is dedicated to everyone on the World Wide Web, who wants to enjoy surfing without the harassment and fear caused by individuals committed to stealing information and money.

The Club promises:

  • To promote awareness of phishing and social engineering activities.
  • To try to provide the necessary tools and techniques to assist with staying safe online.
  • To provide extra resources on our links page.

They hope that you will find the information useful and that it will keep you safe online.

The website publishes articles (mostly lists of the top phishing scams), advice on how to spot phishing scams and a links page including information about Virtual Private Networks.

Their twitter feed is used for tips on staying safe online, protecting your privacy online and similar topics.

If you have any experiences with phishing do let me know, by email.

Fightback Ninja Signature

The Anti Phishing Club

What is Spear Phishing

Phishing is where the scammer tries to obtain sensitive information such as logins,  passwords and payment card details by pretending to be a trustworthy organisation e.g. your bank or local council or a major retailer.

This kind of attack is usually carried out by email or instant messaging and often directs the user to enter confidential information at a fake website, which looks identical to the expected legitimate site.

When phishing is targeted at specific individuals or companies, then it is called “Spear Phishing”.

How Spear Phishing Works

For example. An email arrives, claiming to be from a trustworthy source and the sender knows your full name, job title and department for example. The scammer has done their homework to get this information about you to give the scam a higher chance of success.

A link in the message takes you to a bogus website made to look like the expected website.

The fake website looks legitimate but only exists to take the users confidential information and pass it to the scammer.

These emails often use clever tactics to get victims’ attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Centre for Missing and Exploited Children.

Cyber criminals employ individually designed approaches and social engineering techniques to effectively personalise messages and websites. As a result, even high-ranking targets within organisations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cyber criminals to steal the data they need in order to attack their networks.

How to Protect Yourself

Attackers utilize various social engineering techniques that leverage recent events, work-related issues, and other areas of interest pertaining to the intended target.  Don’t publish any private information about yourself.

Training employees to spot misspellings, odd vocabulary, and other indicators of suspicious mails may reduce the chance of people being caught out by these scam attacks.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature