A guide to cyber crime prevention
Cyber Crime prevention, Safety and Tips
Understanding the problem
On the evidence available, it is clear that the number, sophistication and impact of cyber-crimes continue to grow and pose a serious and evolving threat to Australian individuals, businesses and governments.
Australia is becoming a highly connected country with technology and the internet now becoming a crucial part of Australia's way of life. So many people are benefiting in this new digital economy.
As the internet becomes easier to access, and we share and collect more information and data online, we all need to be educated and ensure security measures are in place.
What is cyber-crime?
In Australia, the term ‘cyber-crime’ is used to describe both:
- Crimes directed at computers or other information communications technologies (such as hacking and denial of service attacks), and
- Crimes where computers or information communications technologies are an integral part of an offence (such as online fraud, identity theft and the distribution of child exploitation material).
IT security is everyone’s responsibility. If one person doesn’t take precautions, the entire network could suffer. Here are three things every employee in a company must do to keep the business safe in today’s day and age.
Cyber criminals will often use email to try to trick people into downloading malicious software (spyware) or to collect personal information from the user by a process known as phishing.
This is often done by sending unwanted emails (spam).
Protecting yourself against spam email is a fairly straightforward process. All email service providers have an option for filtering out spam or junk emails.
- If the spam filter on your system is not already turned on by default, you can activate it using your filtering preference tab (use the program’s “Help” tool from the menu if you can’t find the preference filter).
- Email providers will also allow you to block email from specific addresses. If you use Microsoft Outlook, select the message from the sender you wish to block, go to the “Actions” menu, go to “Junk email” and select “Add to blocked senders list”. If you use Hotmail, select the message from the sender you need to block, click on the “Sweep” menu and select the option to “Block messages from this sender”.
- Regardless of your email program, always exercise caution when opening email from an unknown sender. If it looks suspicious, play safe and add the sender to your blocked list.
PHISHING attacks can take a more sophisticated approach and use email or malicious websites to collect personal and financial information. This can often take the form of an urgent email requesting account information, appearing to be from a reputable bank or credit card company. When the recipient responds with the information, the criminals can then use it to gain access to accounts.
Email Fraud example
Protecting yourself against phishing starts with the simple acknowledgement that your bank or account provider will never email you asking for account information. They have specific processes in place for verifying your identity when you contact them, and want you as a customer to be able to recognise a fraudulent approach.
- Be suspicious of urgent requests for personal or financial information
- Do not reveal personal or financial information in an email and do not respond to email solicitations for this information
- Check the URL of the website. The address may look the same as a legitimate site at first glance, but could use a slightly different spelling or use different domains (e.g. .net instead of .com.au)
- Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often signs of phishing
- To check the legitimacy of an email, contact the company it is claiming to be from. Please ensure you use contact information from an account statement and NOT any information provided in the email
- Install anti-virus software and firewalls and keep them up to date
- If you believe that your financial accounts have been compromised, do contact your financial institution immediately.
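The URL and “https” checks in this guide can also be done by a small program. The Python sketch below is an added example, not part of the original guide: it compares a link against a list of sites you really use and flags a different domain ending (such as .net instead of .com.au) or a slightly different spelling. The site examplebank.com.au, the short list of domain endings and the function names are all made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked list of domain endings for this demo.
# Real tools use the full Public Suffix List instead.
SUFFIXES = ("com.au", "net.au", "org.au", "gov.au", "com", "net", "org")

# Constructed sample: the sites this user really has accounts with.
TRUSTED = {"examplebank.com.au"}


def split_domain(host):
    """Return (name, ending), e.g. 'www.examplebank.com.au' -> ('examplebank', 'com.au')."""
    host = host.lower().rstrip(".")
    for ending in sorted(SUFFIXES, key=len, reverse=True):  # longest ending first
        if host.endswith("." + ending):
            # Keep only the label directly left of the ending; subdomains are ignored.
            return host[: -len(ending) - 1].split(".")[-1], ending
    return host, ""


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED):
    """Classify a link before any personal or financial details are typed into it."""
    parts = urlsplit(url)
    name, ending = split_domain(parts.hostname or "")
    if f"{name}.{ending}" in trusted:
        return "ok" if parts.scheme == "https" else "trusted site, but not https"
    for good in sorted(trusted):
        good_name, _ = split_domain(good)
        if name == good_name:
            return f"lookalike of {good}: different domain ending (.{ending})"
        if edit_distance(name, good_name) <= 2:
            return f"lookalike of {good}: slightly different spelling"
    return "unknown site"
```

An address that merely starts with a trusted name, such as examplebank.com.au.secure-login.net, is reported as an unknown site because only the part directly before the real domain ending is compared.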
When conducting any form of financial business online, always check the security of internet banking or online shopping websites and observe the following tips:
- Always look for and click on a padlock or key symbol (in the left side address bar of the website) which will detail the security of that site. Double click on the icon for more information
- Check that the secured site has an address that starts with “https”
- Always type the full web address into your browser to reduce your chances of being directed to a fake or spoof site (a site that might look similar).
- Always log out of secure sites properly when you have finished your session.
Additionally you should adhere to the following points when shopping online:
- INTERNET SECURITY - Ensure that you have a computer security suite (anti-virus and anti-spyware) installed and updated with the most current information
- SELLERS - If you are buying from a seller you have never used before, carry out independent research before you buy. Ensure that you note physical addresses of the business and phone numbers to call if there is a problem with your transaction
- PASSWORDS - Try to make up passwords that are difficult for a fraudster to crack, using a mixture of letters, numerals and symbols. Do not have one password that you use for all your accounts, and try not to write your passwords down in one place
- PAYMENT - Never send cash or use a money wiring service to pay for goods bought online as this leaves you little recourse if something goes wrong. Credit cards may allow the user to claim a credit from their card issuer if the product is not delivered and may place a limit on the amount you will be responsible for paying if your information is stolen and misused. PayPal is also considered to be a secure way of paying for goods online; you can even defer payment until the goods are received
- PAPER TRAIL - Print and save records of your online transactions. Read your credit card statements as soon as they arrive and contact your card issuer if there are any discrepancies. Log out from your session and turn off your computer when you have finished.
As well as malicious emails and websites, there are a number of online scams that you should also be aware of.
- ADVANCED FEE FRAUD - This is sometimes known as the Nigerian 419 scam. It may entail you being contacted by someone purporting to be a government official who is seeking your help to transfer a large sum of money. They claim they will reward you with a share of the money that is being transferred
- All that is likely to happen is that you will be asked to pay sums of your own money for “handling fees”, “taxes” or “legal costs”. You will not see that money, or your promised share of the original sum, again.
With any type of online fraud, you should never respond to the email but forward the details to Action Fraud who will then be able to investigate and take appropriate action.
Social Networking Scams
The growth of social networking sites such as Facebook and Twitter has been accompanied by con artists and cyber criminals targeting this area. The amount of information being exchanged on these sites makes it a breeding ground for scams.
The most common social networking scams involve the following:
- MALWARE DOWNLOAD. Clicking on links for videos and programs on social networking sites can open the door to cyber criminals who send out spyware, Trojans and viruses. Users then inadvertently download these to their own computers and/or mail them out to their friends list.
By keeping your internet security up to date you can provide a first line of defence against these attacks. Avoid downloading applications from unknown providers and don’t believe that a message you received from a friend or contact necessarily came from them.
- FALSE IDENTITY. It is easy for scammers to pass themselves off as someone else on social media sites by setting up false profiles. Scammers can pass themselves off as genuine people by using information trawled from the internet (often from social sites). Be cautious when accepting invitations from new friends or contacts.
- IDENTITY THEFT. Social profile pages are often packed with personal information such as your name, date of birth, email and contact number, not to mention photos of you. Scammers may try to build on that by sending you a link to a bogus page that requires you to log on again.
Be Smart using Thumb Drives
Another way hackers can attack your company’s network is through hardware, specifically thumb drives (USB flash drives). If you use thumb drives to transport information, such as presentations, confidential documents, or other business intelligence, make sure you’re using a secure thumb drive to store the information.
BEWARE of any links asking you to sign on again – in reality you are handing over your password.
To protect yourself on social networking sites:
- Be careful about what information you share, and who you share it with.
- Don’t post personal information such as your date of birth and mother’s maiden name
- Regulate your privacy settings and control who sees your information
- Do not accept requests from people you do not recognise
- Avoid any apps or online content that ask for your personal information
- Don’t click on unfamiliar links from unknown sources
- Don’t access social networking sites from public computers
- Never engage in financial transactions on social networking sites
Telephone Banking / Services Fraud
There are a number of telephone banking scams being used at the moment, and evidence suggests that these are on the rise. The three scams listed below are typical of those that I have seen in Australia.
- SCAM 1: Scammers are impersonating energy and telecommunications providers and demanding payments.
- SCAM 2: In this scam the thief rings you and reports that your current bank or credit card has been compromised
- They inform you that they will send a courier around to collect the card and ask that you confirm your PIN number prior to this
- Once you have given them your PIN number they will come and collect the card! NEVER give out your PIN.
- SCAM 3: False court demand actions for an action you likely never committed on a past date (usually an automated voice that speaks a pre-recorded message)
Dating and romance scams
Dating and romance scams are particularly convincing because they appeal to your romantic or compassionate side. They play on emotional triggers to get you to provide money, gifts or personal details.
If you are the recipient of a dating or romance scam and you are in Australia, you should report it to the ACORN (Australian Cybercrime Online Reporting Network).
As children and young people are often online, it can be hard for them to escape cyber-bullying. Youth often do not tell their parents for fear that it will make the situation worse, or out of fear they will lose Internet access. Ongoing communication between parents and children is important to prevent and stop cyber-bullying. You may wish to consider more information about the support services available for children and cyber victims more generally. You can report serious cyber-bullying or stalking behaviour to the ACORN (Australia) if the conduct is intended to make you (or the victim you are reporting on behalf of) feel fearful, uncomfortable, offended or harassed.
- Do not respond to unsolicited texts about accident/personal injury claims, even if only to ask the sender to stop. Just delete the message
- Sign up to the Australian "Do Not Call Register" to reduce unsolicited telemarketing calls. Registration is free. Telemarketers and fax marketers have 30 days from the date you register to stop contacting you.
- Download a reputable internet security app, especially if you have an Android or Windows device.
- Clicking on links in unsolicited social media posts can spell danger.
- Always remember that your device is not ‘just a phone’; think of it as a computer that needs different security rules.
- Be vigilant against fake stores when downloading apps - do so only from recognised sources.
- Beware of downloading apps which are infected. These include apps which are downloaded from the device or operating system’s official store and, increasingly, from fake stores which have been set up solely for the purpose of distributing malware.
Wireless Networks & Hotspots
Home and office wireless networks make it easier to use the internet and send and receive email in any room in the building and even outside... and enable visitors to do likewise. ‘Public’ wireless networks or hotspots mean that we can do the same in places like cafés, hotels and pubs.
Home/Office Wireless Networks
If your wireless hub/router/dongle is not secured, other people can easily gain access to it if they are within range. This can result in unauthorised people doing the following:
- Taking up your bandwidth – affecting the online speed of your own computers and other devices.
- Using your download allowance, for which you have paid your Internet Service Provider
- Downloading inappropriate material, which would be traced to your address and not their computer.
- Accessing sensitive information that you may be sending or receiving online.
All of the above risks can be avoided simply by ensuring that the wireless hub/router/dongle that you wish to connect to is secured. To check that this is the case, simply search for available wireless networks, and those that are secured will be indicated with a padlock symbol.
When you first connect a computer, smartphone, tablet, printer or any other wireless-enabled device to any wireless hub/router/dongle, you will be prompted to enter a password/key, provided the network is in secure mode. This will enable the device to connect on this occasion and normally, for future use.
Remember that the access code is usually printed on the hub/router, so take care to either remove it, or make the hub/router itself inaccessible in the event of an intrusion or people you do not know on your property.
Safe Public WiFi
- Unless you are using a secure web page, do not send or receive private information when using public WiFi.
- Ensure you have effective and updated antivirus / antispyware software and firewall running before you use public WiFi.
Security in most public WiFi hotspots that you find in cafes, coffee shops, airports, schools and hotels is non-existent.
It's best to stick to hotspots where the provider, be it a conference, hotel, or coffee shop, provides you with a clear network to choose, plus a password to grant access. Then you know at least you're on the network you're meant to be using.
Networks with zero security don't have a padlock symbol next to them, or the word "secured," which shows on a Windows laptop. On an iPhone, if you select an unsecured network—even if it's your own at home—you'll get a warning that reads "Security Recommendation."
The best way to secure your traffic while using public Wi-Fi is to use a paid virtual private network (VPN). When connected, all your internet traffic is sent from your computer through an encrypted tunnel to the provider’s endpoint. The traffic is then secure from any local eavesdroppers on the public Wi-Fi network.
Safe Computer Disposal
Computers that you no longer need should be disposed of with great care. The data on your computer can easily be accessed, and ‘deleted’ data can be retrieved with relative ease by criminals.
Copy all of the data you will need in the future, on to your new PC or storage device, or back it up in the cloud.
Fully erase the hard disk(s) so that any personal information is completely deleted. Simply deleting files is not enough to permanently erase them. Instead, use a dedicated file deletion program or service, or physically destroy the hard drive to render it unusable.
- Don’t forget that your CDs, DVDs, memory cards, USB sticks and other USB connected devices may also contain your sensitive data and should be disposed of with equal care.
Report a Scam
Never be embarrassed to report a scam. There is no shame in being the victim of a convincing scam. By reporting it you will ensure that the scammers do not win in the long run.
If you are the victim of an online fraud or scam you should report the incident to the Australian Cybercrime Online Reporting Network (ACORN). Reports made to the ACORN may be referred to police for consideration and possible investigation.
The forms of online fraud to report to ACORN are (typically):
- Internet banking fraud
- Mobile banking
- Mule recruitment
- Shopping and auction site fraud
- Identity theft
- Never reveal personal or financial data including usernames, passwords, PINs, memorable phrases or ID numbers.
- Be aware that sender email addresses can be spoofed to appear as if they’re being sent by an organisation or person you know. Even these spoofed addresses can appear authentic when you mouse over/touch them.
- Always have internet security software loaded, switched on and kept updated on your computer. Download security apps on all your mobile devices too, including Apple.
- Be very careful that people or organisations you’re supplying payment card or other confidential information to are genuine, and then never reveal passwords.
- Remember that a genuine bank or other organisation will never ask you for your password via email, text, instant message or phone call.
- Don’t readily click on links in emails, texts or posts/tweets from unknown sources, as this could lead to viruses or your confidential information being compromised.
- Don’t open email attachments from unknown sources, as they may cause your device to be infected with ransomware, spyware or other malware.
- Update software and apps when prompted, including operating systems. These often contain security updates that could guard against malware.