CCSiT

 
Author Archives:

Bekky

Suspicious September Presents:

Safety from Scammers

We are guessing that you have heard the term ‘Phishing’ by now. It has nothing to do with water, boats or fish – but it does have to do with luring your prey.

So if you are a fisherman and decide you want a particular type of fish, you know what bait to use, what hook type, line weight, and depth to have it hanging really handy in the way.., tantalising.., un-ignorable..!

Phishing is also done using the above type of luring approach to catch prey.

In this case however, YOU are the PREY!

Criminals don’t care who you are or what your circumstances are, they just want your money!

Nowadays, they will use any way of getting hold of you that they can such as:

  • Phoning you
  • Texting you
  • Emailing you
  • YouTube adverts
  • Web Browser adverts

We will go into some real-life experiences of phishing further down the post, but for now, if you don’t have much time, remember the following to stay safe.

The Golden Safety Rules to avoid scams.

OVERALL GOLDEN RULE:

If you have initiated contact with them, you can be reasonably sure you are not being scammed.

If ‘They’ have initiated contact with you – Be VERY ALERT!


GOLDEN RULES FOR WHEN ‘THEY’ INITIATE CONTACT WITH YOU.

  1. GIVE NOTHING OVER THE PHONE
  2. DON’T GIVE REMOTE ACCESS TO YOUR COMPUTER\DEVICE
  3. DON’T TRUST UNEXPECTED SMS
  4. DON’T TRUST UNEXPECTED EMAIL
  5. DON’T CLICK ON LINKS OR OPEN ATTACHMENTS

1. GIVE NOTHING OVER THE PHONE
(Real life example further down)

If you receive a phone call from someone you do not know – No matter who they say they represent (Telstra, Westpac, ATO, etc..) – if they ask for any detail from you at all including your full name or birth date, simply let them know you will have to call them back via the main company number. Do not use any information they give you (Return call numbers, websites, email addresses, etc.)

Avoid saying “Yes” or “I Agree”. They will try to get a voice recording of that, which they can then use to authorise other accounts.

Then hang up. If you are curious, then look up the company contact phone number on Google and call the main company. Explain that you received a call from someone saying they were from that company and asking for information from you. That company will then be able to either confirm or deny legitimacy.


2. DON’T GIVE REMOTE ACCESS TO YOUR COMPUTER\DEVICE
(Real life example further down)

Unless it is your known tech support (like us 👍), you should not give anyone else remote access to your computer or device.


3. DON’T TRUST UNEXPECTED SMS
(Real life example further down)

Yes, SMS is now being used widely for scams. If it is an unexpected SMS with a link, don’t trust it. If you are curious, then look up the company contact phone number on Google and call the main company. Explain that you received an SMS purportedly from them and tell them what it says. That company will then be able to either confirm or deny legitimacy.


4. DON’T TRUST UNEXPECTED EMAILS

If it is an unexpected Email with a link or attachment, don’t trust it. If you are curious, then look up the company contact phone number on Google and call the main company. Explain that you received an Email purportedly from them and tell them what it says. That company will then be able to either confirm or deny legitimacy.


5. DON’T CLICK ON LINKS OR OPEN ATTACHMENTS

Unless expected, or you have contacted them and they are guiding you over the phone, do not click on links you receive. Some of the more popular ones that scammers are pretending to be include:

Australia Post – your delivery is not arriving…. <BLURB>, click on link to see details, or, attached document is the goods description.

ATO – Due to some discrepancies noticed in your Tax Return, you are being Audited. Full details of your rights…. <BLURB>, are contained in the attached document, or, click on link to see details.

<Any Australia wide company name> – For your information, see Invoice attached.

Telstra/Optus/Virgin – Your account is overdue and is being disconnected today …. <BLURB>, details are contained in the attached document, or, click on link to see details.

Origin Energy/AGL/Alinta – Your account is overdue and supply is being disconnected today …. <BLURB>, details are contained in the attached document, or, click on link to see details.

JB Hifi/McDonalds/Coles – Your last purchase also had a competition entry attached. Congratulations…. <BLURB>, how to claim details are contained in the attached document, or, click on link to see details.Criminals create web pages that look just like the original.

● Criminals create web pages that look just like the original.
● Criminals create Emails that look just like the real thing.
● Criminals have created what sounds just like a busy call centre for (eg). Telstra for background noise when they call.
●It is getting very hard to spot the fakes.

Just remember –

If THEY initiated contact with you – STRANGER DANGER!



Phone Scam – Actual Occurrence – May 2019 – Queensland

An Elderly lady, Judith (Not her real name) was having issues with her internet at home and called Telstra. They booked a call with Judith for the following day at 11:00am.

At 10:00am Judith received a call from ‘Telstra’ saying they were investigating issues with her computer. They obtained remote access and did some things (No idea what) and then ended up telling Judith that her computer was infected with a virus and her Anti-virus was not good enough.

They suggested that Judith purchase Norton’s Antivirus and opened the official Norton’s Website on her computer. They then told Judith to order and purchase a copy of Norton’s Antivirus.

Judith diligently entered all her details and paid for it using her credit card and purchased a legitimate copy of Nortons. All the while, the person who was remotely logged into her computer made a careful note of her details as she entered them.

Within the hour, $34,000.00 was taken from her Credit card.

Thankfully Westpac bank\Mastercard returned the money. It is not known if the scammers got away with it. Judith was highly distraught and, in her words, “felt like she had been raped”. Judith is 84 yrs.

Several questions pop into my mind.

  1. Did Judith talk to an actual Telstra Tech the first time she called. She cannot remember where she obtained the support number from.
  2. It is a mighty co-incidence that the scammer called Judith’s number slightly earlier on the day a call was expected, with details that she required support. Could a bona-fide overseas help desk employee be secretly making money on the side by passing details of potential prey on to scammers?
  3. We do not know if the real Telstra tried to call at 11 as Judith was already on the phone to the scammer. To my knowledge Judith never did receive contact from Telstra.

OUTCOME: Judith had to pay for her computer to be completely wiped and re-installed. This is the only safe way to ensure your computer is clean and has no ‘back doors’ after someone has gained access remotely.

Judith’s number and details have obviously been sold to other scammers as she has received many such calls since. One, pretending to be Telstra again, even had full call centre background noise, offered a bogus employee ID and even had a ‘supervisor’ who Judith was transferred to when she was reluctant to pass on any information. She has not been scammed since – but is often being harassed by phone calls from scammers.

What can you think of doing to not only protect yourself, but perhaps family, friends and your workplace?

The only workable solution is to ensure that the people in your life whom you care about, are fully aware of the risks so they can protect themselves when alone.

(Or take their bank accounts, phones, computers, front door bell and post box away……..)


SMS Scam – Actual Occurrence – Sep 2019 – Queensland

I happened to receive my first Scam SMS on Monday and I thought I would share it with you. This one is a very immature attempt with several ‘Warning’ signs.

I’ll highlight them below:

Whilst the above had some obvious errors, the scammers will improve until it is near identical.

It has been cleverly crafted in some ways:

  1. Using a well known store name – higher chance you have been to one!
  2. Using a date from a couple of months ago – can you remember if you went to a store on that day? Can you remember if you inadvertently did a 2 question survey? Does JB HiFi have your phone number?
  3. Finished 2nd. Well that explains why I only get an SMS. If it was 1st I would think a phone call would be the minimum they would do.

Its LURE is a possible windfall. All you have to do is follow the link (One little screen tap) and you might be a new LED TV or iTunes Gift card better off…

Oooh, it is SOOOO enticing!

I could have been at JB HiFi on June 15th, right?

I have given positive feedback on employees at Bunnings when they give great service, maybe I did this at JB HiFi as well? Maybe that is what got me entered into this competition? Let me Click!

Of course, this may actually be a poorly written, but legit SMS (Shame on you JB HiFi marketing team). I could call them and ask if there were any competitions, but I don’t think I’ll waste my breath or time.

So that wraps it up for this September 2019 Blog. There is so much more detail that could be included and so many more examples, but the important thing here is to get the message across to be careful – not fill you up with technical details and fear. Small IMPORTANT steps.

I hope this information helps. You certainly have my permission to pass this information on to your loved ones, workmates and business associates. The more we can stop scammers from being effective, the better off we all are.

If you wish to obtain any further information or happen to have received an email or text that you think might be important – but could also be a scam and just want to confirm, give our team a call.

Please note that unfortunately, we cannot provide free support to entities (or persons) that are not existing clients. All our time is dedicated to ensuring that clients (partners) of ours are supported with excellent service and speed. We support business entities in the Greater Brisbane region of Queensland, AUSTRALIA.

Take Care, Stay Aware.

Thomas Hayes
Director
CCSiT Pty Ltd
Phone: 07 3376 3033
Email: support@ccsit.com.au

Password Security

You, Yes YOU! are responsible for keeping your company data secure!

Most external access hacks are caused by employees being careless with regards to their user account security. Statistics prove that 60% of the businesses in Australia that have had their data held to ransom and not been able to get it back – have closed their doors in 6 months. Do you really want the loss of all your co-worker’s jobs to be because of you? If you hate them that much, do yourself a favour and quit working there.

ALWAYS REMEMBER that your password is the front door key to your business. If a hacker obtains it, there is NO WAY to prevent them from accessing your systems and doing really bad things with your company or customers data.

The good news is that it is actually easier than you think to have – and remember – a secure password.

Currently, the standard for being secure is to have a password that is a minimum of 14 characters long and contains UpperCase, Lowercase, Numbers and/or characters.

Sounds difficult!  But, there are some simple tricks to make this easy to remember:

Easy Password creation examples:

A short sentence (called a PassPhrase)

  1. Eg: ‘1 have Br0wn Hair’ – 17 characters long (which includes spaces which are special characters), all requirements met, super secure, easy to remember.
  2. Eg: ‘Br1sban3 Br0nc0s t0 WIN’ – 23 characters long (which includes spaces which are special characters), all requirements met, super secure, easy to remember.

OR

A keyboard sequence (called a PassSequence)

Eg: ‘1qaZse4rfVgy790-’ – (16 characters long, all requirements met, super secure, easy to remember)

CHOOSE YOUR OWN PATTERN! THIS ONE IS TAKEN!

The latest opinion and practice (Already adopted in the US Defence and Government departments) for keeping your password secure has now turned away from forcing you to change it every week or month (Finally!!) to instead having the risks and the rules of security explained to their staff and then trusting their staff to do the right thing.

The rules for keeping your password secure are:

  1. Do NOT tell it to anyone! Not ever!
    • If you need to give someone else access, change your password first, give that to them and then when they have finished, change your password back!
  2. Do NOT use it for any other login type such as Facebook or Supplier Log-in or Gmail, etc.
    • Hackers know a lot of people use the same passwords on multiple online accounts so purposefully harvest as many username and password details they can from less secure sites and then try that combination everywhere.
  3. Do NOT record it on your phone, computer, cloud storage or in your email.
    • You may think your phone is secure and no-one can hack into it. After all the high-profile cases of actors and public figures having their phones hacked do you really still think that? Email is certainly not secure.
  4. If you suspect it has been compromised – Change it as soon as you can!
    • You think a fellow employee watched you type it in, or you suspect that someone was looking over your shoulder when you were logging in remotely from the airport, or you did not realise that a security camera was right above you…
  5. If you know it has been compromised – Change it and tell your IT department what happened ASAP!
    • You saw someone writing it down when you were logging in at the airport, or you know that at the staff Xmas party you may have mentioned how awesome your password was…
  6. If you FORGET it, just give your IT department a quick call and they can reset it. (Even they have no way of finding out what it was – they can only reset it to something new)

Yup, it is all fairly simple to protect your job, your company and your fellow employee’s jobs by keeping your password secure.

It is also easy to be lazy or believe it couldn’t happen to you and as a result, kill the whole company. Hackers know there are still a lot of people out there who think they know better when it comes to security. In fact, they make a living off it.

If you want more suggestions, tips or even a free basic assessment of your organisation’s password security (IF you are in the Brisbane Region) give us a call here at CCSiT. 07 3376 3033.

Windows 10 – Do you Love it? … or hate it?

Well, for the first time ever, there is plenty to “love”,

a bit to “hate”

and a bunch of “getting used to”

involved in this latest operating platform from Microsoft.

 

What we have all been told however, is that this is the last major change of how it works. From now on, we will just be getting upgraded releases of Windows 10 instead of having to re-learn an entire operating system every time Microsoft decides to release a new version.

In Microsoft’s words,

“Windows 10 is the first step to an era of more personal computing, one in which Microsoft is moving Windows from its heritage of enabling a single device – the PC – to a world that is more mobile, natural, and grounded in trust. With Windows 10, applications, services, and content move across devices seamlessly and easily. Windows 10 features a universal app platform and universal store, providing a consistent experience across devices.

Windows 10 helps make people more productive and have more fun, with a personal, natural experience that works across all of their devices. Windows 10 delivers ongoing feature innovations and security updates, and it is available as a free* upgrade to Windows 7 and Windows 8.1 users.”

Personally, I (once I got used to it) loved Windows 7. Before that, Win XP.

I could not stand Win 8! I was forced to uninstall it before I lost my temper and ‘rebooted it through the windows’ (get the pun?)

Windows 10 has come along and I must be fully upfront in saying that it took me a little while to venture out and test it. I mean really, who wants the hassle of re-installing an entire computer just to find it is worse than what you already had?

But, with my entire tech team calling me a techno-phoebe (including casuals I had only just hired 2 weeks earlier) along with other terms and phrases I probably cannot print, I finally took the plunge and got one of the team to load it for me (I know, right! Huge commitment on my part!).

And the result? I actually am pretty happy. I have finally become used to it and find a lot of things I knew and loved from Win7 being re-added and some of the really stupid and horrible things from Win8 being removed. ‘My Computer’ is now ‘My PC’. I can live with that.

In reality, I don’t have a choice about using Windows 10 – unless I want to go Apple or Linux for a business platform – and that I do NOT want to do, but I am really quite happy with Windows 10 and would probably have migrated to it even if I did not have to.

Warning with regards to upgrading to WIN 10: Some older Laptops (Pre 2011) have not supplied drivers for the graphics and result in a black screen. It becomes a bit more difficult to fix an issue if you cannot see it so please backup important data before attempting it. Even a quick Google search “<Laptop brand and model> with Windows 10” will give you a fairly good idea if yours is going to be okay before you start.

For more information, see the Windows 10 Upgrade page on Microsoft’s website.

For now, enjoy the new windows and give yourself enough time to get used to it before you start having to meet deadlines. I found a glass of wine to be especially helpful with my first explore of it.

Thomas

Need Help Now?

Simply give us a call or shoot us an email and we can make your life easier straight away!

Call us on
(07) 3376 3033

Send an Enquiry

newsletter

Latest CCSiT News