Recently one of our clients told us about their experience with a scammer claiming to be from the ATO. We couldn’t help but wonder whether we have exposed ourselves to the dark side of the web. Due to COVID, we now find ourselves spending a lot more time on the internet than ever before. From buying that nice pair of shoes to your weekly groceries, everything can now be done online.

 

Below are 4 common data threats that we discussed with our team members earlier this afternoon. We thought it would be good to share this info with everyone. Throughout this article, we have attached links for your further reading.

 

  1. Phishing – The majority of cyber attacks against an organization will come through email phishing. Employees need to understand how to identify a phishing attack and defend against it by not clicking suspicious links in an email.
  2. Authentication and Authorisation – Employees should understand how to create strong passwords, such as not using passwords that are easy for someone to guess like ‘1234’. They should also understand the risk of password reuse between personal and corporate accounts, how to use a password manager (‘vault’), and learn why passwords are so important in protecting their online accounts.
  3. Information Security– “InfoSec” is all about protecting your organization’s digital information assets. Employees should understand that accessing information is a privilege and ‘need-to-know’ access should be practised at all times. Sharing sensitive data outside of the organization must be taken very seriously and employees should know your organization’s policy for protecting information.
  4. Ransomware – Ransomware is malicious software that encrypts data on a computer until a sum of money is paid to the hacker, and it’s one of the most popular threats targeting businesses across the world. If the ransom is not paid, your computer and all of its data are unrecoverable. The best way to defend against ransomware is to prevent it from happening in the first place.

 

Here are some steps you can take to prevent a data breach:

 

1) Take care with email attachments

Many email attacks rely on the ability to send and receive attachments that contain malicious executable code. Malicious attachments may be sent directly by an attacker to target individuals, and many such attachments can be blocked by antimalware software that detects the malicious source. However, malicious attachments can also be sent by trusted sources that have been exploited by attackers.

Whatever the source, we should be extra vigilant before clicking any attachments.

2) Approach email links with caution

Web links in email are also a risk, as they often connect to a web domain different from the one they appear to represent. Some links may display a recognizable domain name like www.amazon.com but in fact direct the user to a different, malicious domain. One tactic employees can use is to review the link contents by hovering the mouse pointer over the link to see if the actual link is different from the displayed link.

Attackers also use international character sets to create malicious domains that appear to be those of well-known brands. When in doubt, type the domain directly into your browser, or just avoid using the link at all.

3) Other helpful tactics for employee email security

The onus for providing secure email falls on the employer, but attackers can find ways to bypass protections even at organizations that implement best practices for email security. That means employees must act as the last line of defence, and they should be aware of the dangers of phishing, malicious attachments and malicious links in their email. Ultimately, users should rely on their best judgment when responding to suspicious messages.

 

4) ATO never asks for your details!

Unfortunately, during this tax season, a lot of taxpayers have fallen victim to ATO scams where hackers present themselves as ATO officers and ask for your personal details (your TFN, bank details). These hackers use tactics like “You need to provide your TFN so we can release your refunds!”, “You have a tax bill to pay! If you do not provide us necessary details we will proceed with a legal action”.

The ATO never asks for any of your personal information as they already have it in their systems!

 

 

Below are some very well-written articles on how to stop phishing emails.

10 tips for spotting a phishing email – TechRepublic

How to Educate Your Staff about Phishing Emails (difenda.com)