August 2013 Newsletter
2013 Cybersafety Summit
Friday 2nd August is the 2013 Cybersafety Summit. DBCDE is excited to meet members of the Youth Advisory Group on Cybersafety, their parents and teachers to share ideas on cybersafety and to make a difference together!
ACMA Cybersmart launched a new Digital Citizens Guide last week to help Australians engage positively and confidently while participating in everyday online activities. The Digital Citizens Guide highlights three key characteristics: Engage online positively, know your online world and choose consciously. A short video and the guide can be found on the Australian Government’s ACMA Cybersmart site.
Social engineering—essentially tricking someone to achieve a specific outcome—is one of the most effective methods used by cyber criminals.
Phishing emails are a common example of social engineering. We talk about phishing a lot because people still get fooled every day.
It can happen to anyone, even experienced IT professionals, and it’s very difficult to manage. You can have the best security installed, but still be tricked by a convincing phone call, email or website.
This month we’ve reported quite a few phishing and malware campaigns which use social engineering.
Fortunately, most phishing emails include clues which can give them away as fake—sometimes it’s a strange sender address, or a suspicious sounding request. Sometimes it sounds too good to be true, while other times it’s odd links or the fact that it arrived out of the blue. Whatever triggers your suspicion, it doesn’t ever hurt to act on it and cross check any information before you take it seriously.
PRISM phishing campaign targets multiple operating systems
With global interest focused on the NSA and Edward Snowden, phishing campaigns carrying malware emerged. In particular, examples were identified carrying a form of Remote Access Tool which, if installed, could give an attacker remote control of your computer, regardless of the operating system. Find out more.
Phishing emails target ATO, Australian banks, Telstra and others
More phishing emails were also circulating directly targeting Australians. These also carried malware.
The emails pretend to come from a number of Australian institutions including the Australian Tax Office (ATO), the Commonwealth Bank, National Australia Bank (NAB) and Telstra. Others have also been identified mimicking MMS messages. Read more.
Apple phishing emails
Subscribers should be aware that an increasing volume of Apple-related phishing emails is circulating. These phishing scams attempt to steal your personal information, Apple account details and financial credentials. More on Apple-related phishing emails.
Simple “Email Back” phishing scam plays on curiosity
A new variant of scam email has been identified which includes very little information, simply asking you to “email back”. Some examples may include offers of a reward, money or other opportunities. Find out more.
Ransomware now targeting Macs
Ransomware continues to be successful in attacking small businesses across Australia. Now, it’s been identified targeting Mac OS X systems.
Gamers who hold accounts with Ubisoft, known best for the title “Assassin’s Creed”, should change their password after the company was hacked earlier this month. Although no customer financial information was lost, if you use the same password for any other service, you are also advised to change it on those other online services.
Encrypted chat service vulnerable
In the wake of the news about NSA’s covert surveillance programs, there has been growing interest in encrypted online services. Users of encrypted chat service Cryptocat have been advised to update their software clients to the latest version after it was found to have a vulnerability which exposed messages for the past seven months. The flaw has since been fixed.
Tumblr sending unencrypted passwords
Users of the popular mobile app Tumblr are advised to change their passwords after a flaw in the app led to passwords being sent in plain text (unencrypted format). A person looking at this network traffic could have intercepted your password. Find out more.
Stay Smart Online survey
Keep an eye out for our bi-annual survey of your opinion on the Stay Smart Online Alert Service! This will be distributed via email. Our surveys allow you to remain anonymous and do not ask for any personal or financial information. You will be advised in email communications of how to independently verify the information (such as a link directly from our website).
Monthly software updates
Microsoft, Apple and Adobe issued important security updates in July. A number of critical and important updates were listed. It’s important to ensure your system is always as up-to-date as possible. If you haven’t set up automatic updates, do it now!
Advice on the latest updates is available from each vendor’s site.
Stay Smart Online blogs
Don’t be scared of the cloud
There’s been much talk recently about how cloud computing may bring considerable benefits to small and medium-sized businesses.
But do SMB owners and decision-makers really understand the cloud? Mark Sinclair, Director Small Business from Trend Micro, talks about some strategies to get you into the cloud.
Casting call: the “art” to online etiquette and staying smart
Your reputation online is important, perhaps even more so for those whose work requires them to be in the limelight. Marianne (Mel) Rom, Founder of Social Ediquette, talks about how social etiquette is important to your online presence.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
Email: staysmartonline [at] dbcde.gov.au
© 2013 Australian Government. All rights reserved