October 2013 Newsletter
This month we’ve seen the use of a slightly different approach to phishing emails. These attacks ask you to call back on a phone number in addition to the more traditional phishing email pitfalls such as opening a dangerous attachment, replying to the email or clicking a malicious link.
Calling the number can of course, prove just as risky. Other than being talked into handing over your credit card information or personal details, you could find yourself with a hefty and unexpected phone bill.
The emails have been reported targeting the customers of Australian banks, claiming that ‘access to your account has been restricted' and you should phone a number to arrange for it to be restored.
Our email address is changing to @communications.gov.au
The name of the Department of Broadband, Communications and the Digital Economy has changed to the Department of Communications.
This means that messages sent to you from @dbcde.gov.au email addresses will change to @communications.gov.au addresses, including emails from Stay Smart Online.
Our new address is staysmartonline [at] communications.gov.au.
Make sure you save this new email address to your contacts or add it to your safe list, to keep receiving our emails. If you stop receiving email from us, check your junk mail folder as your email client may not recognise our new address.
It may also explain why some of images and logos in the emails you receive no longer download or display correctly.
Software updates return to spotlight
In September, in addition to the expected Patch Tuesday software updates from Microsoft and Adobe, we also saw Microsoft issue an unscheduled Security Advisory.
When Microsoft becomes aware of a vulnerability in its software for which it does not yet have a patch prepared, it will release a security advisory to inform its customers. It will then work to develop a patch for the vulnerability as quickly as possible, releasing it either as part of the next round of Patch Tuesday updates or, depending on the timing and urgency, as a release on its own.
This issue has since been addressed by Microsoft's October Patch Tuesday updates.
In some cases, the vulnerabilities are known to be used by cyber criminals to target computers, and this is why it’s important to ensure your system is always as up-to-date as possible.
Advice on the latest updates is available from each of the vendor’s sites.
Firefox and Thunderbird updates
In September, Mozilla also issued security and functionality updates for Firefox and Thunderbird, both of which included items listed as critical.
If you use these products, you should update your software.
Apple iOS 7 released
Apple has recently released a new version of its operating system for iPhones and iPads (iOS7). This includes a number of security enhancements which you should consider.
The latest update now includes a fix for the passcode locking issue identified in iOS7.
For the latest security updates for all Apple products go to:
Java targeted in phishing attacks
In September we saw the re-emergence of a phishing attack which targeted vulnerabilities in Java internet browser plug-ins.
As always, you should evaluate your need for Java and manage your computer accordingly.
In September, popular blogging platform WordPress also released a new version, fixing a flaw that has been demonstrated to be exploitable (it could be targeted by cyber criminals).
If you use WordPress you are advised to update.
Stay Smart Online Blog
What is your digital reputation? Do you have one?
Teaching is one profession where an online reputation has considerable impact. The Cybersafety and Reputation Management team from Queensland’s Department of Education, Training and Employment talks us through what this might mean.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
Email: staysmartonline [at] communications.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.
© 2013 Australian Government. All rights reserved