Go to top of page

Our top alerts of 2019 – scams, exploits and data breaches!

Priority Level: 
Moderate
27 February 2020

With a new year well underway, we’ve recapped some of our top alerts from 2019, with pointers on how to protect yourself against each threat.

1. Check before you click. Scammers pretended to be Australia Post multiple times in 2019.

Last year, widespread scam text (SMS) messages using the Australia Post brand were sent to people. Scammers imitated the AusPost caller ID, often mentioning a ‘missed delivery’ or ‘unverified address’, with a link directing people to a (fake) AusPost website. The site asked for payment or personal details, which scammers then stole and used. Clicking on these links could also infect your device with malicious software (malware). You can view the alerts here and here.

Our top tips to protect yourself against scams like this are:

  • remember: your financial institution and other large organisations like Australia Post will never send you a link asking for personal or financial details
  • if the message seems suspicious, contact the person or business separately, using contact details you have found from a legitimate source
  • don’t click on links in unexpected messages or emails from people or organisations you don’t know.

2. Keep everything updated – including your phone. Scammers used a WhatsApp loophole to spy on users.

Cybercriminals exploited a vulnerability in the WhatsApp smartphone messaging app to remotely install surveillance software and hack into users’ confidential conversations. An update was issued on 15 May 2019 to address this vulnerability in the app, but there were concerns across the world that many users would ignore or delay the latest update and remain vulnerable to attack.

It’s vital for your device’s security that you keep your software up to date. Our top tips to protect yourself now and in the future are:

  • turn on automatic software updates on your devices, including your phone
  • when a pop-up message from a trusted application requests an update, accept it
  • if you need to delay, set a reminder so you can update overnight or at a more convenient time.

3. Don’t reuse your passwords. Scammers got access to millions of emails and users names in the ‘Collection #1’ data breach.

In January 2019, Australian cyber security expert Troy Hunt made public a significant data breach affecting 773 million email addresses and usernames. Titled ‘Collection #1’,  unauthorised access to usernames and other details on multiple websites and services resulted in email addresses and passwords being shared on a known hacking forum.

Our top tips to limit the impact that a data breach may have on you are:

  • use a strong password (13 or more characters that are unrelated and difficult to guess) and don't re-use the same password on multiple websites
  • use multi-factor authentication where available (like a code sent to your phone, or your fingerprint on a mobile device) to give your accounts an extra layer of security
  • change your password on any accounts where you may have used the same email and password combination.

More information

To stay up to date on the latest online threats and how to respond, sign up to the Stay Smart Online Alert Service, www.staysmartonline.gov.au/alert-service

If you’ve been the victim of a cybercrime, including financial loss, report it to ReportCyber at www.cyber.gov.au/report