Cyber Security - Carey Group

Being wary of scams and sharing your personal information

Key Points:

Never use the same password or variations of the same password, utilise different numbers and letters with a mixture of capital and lower case letters
Online quizzes may be fun but usually there is a catch, and that catch can be your personal data
Scammers either attempt to build rapport with their targets or are very aggressive and frightening

This is doubled by the fact that more and more scammers are utilising the current COVID-19 crisis to target people through phone calls and email phishing scams.

It can be hard to differentiate between real or fake news, and genuine or false information in your emails and text messages.

While technology is a great way to create profiles for advertisers and companies, it is also an easy platform for scammers to use.

Older people are becoming warier of what they post online and on social media, but may not be as careful about the data they give away freely for competitions they enter or anything else that involves giving away personal information.

Elderly people are also more prone to falling victim to online and over-the-phone scams, which could result in substantial amounts of money being taken from your hard-earned savings.

It’s important to always double-check with someone you trust about whether you are making the right decision before handing over money or information.

One thing to keep in mind is scams are always developing and becoming more clever as the years go on. Always be vigilant with odd links, monetary requests you aren’t expecting, and be aware of who you are providing your personal information to.

Passwords: Variety is the spice of life

Using easy passwords to safeguard some of your most important assets can be really dangerous in today’s online climate.

Especially when you are storing away your hard-earned savings for retirement or a nice holiday.

Using really easy passwords, like ‘password’ or ‘abc123’, can be very easy to guess by hackers or even people you know.

Another concerning factor is the number of people who use derivatives of the same passwords.

For example, say you decided to make your password named after your cat, Fluffy. You used the same name as the basis for the password, but just added numbers to make it different between the multiple online accounts you have. Such as, your bank account password is ‘Fluffy1’, your superannuation is Fluffy followed by the day of your birth, ‘Fluffy25’.

While derivatives of the same password may make it easier to remember, it also makes it easier for someone to guess.

A good idea is to mix up your passwords where possible to make your online accounts safer. This means utilising a mixture of letters and numbers and a mixture of capitals or lower case letters.

If you are worried about losing your passwords, start using an online password manager to keep all of your passwords in one place under a strong primary password key.

Data is up for grabs

Data has been a massive commodity for advertising companies online, and offline, over the last decade.

Many older people may not be aware they are giving out their personal information for free while online.

While older people tend not to post too much revealing information on social media, it can be as easy as entering an online competition for you to have all your personal information stored and sold on to a third party.

The same goes for loyalty cards, if you spend $100 on groceries at a supermarket and use your loyalty card, that supermarket now knows how much you spend, what products you are buying and if you are able to withdraw and pay that much money.

This information is usually taken by those companies to try and sell you specific things based on your recent purchases, but this information is also a hot commodity for other companies to buy. You may never know how far your information can be passed along.

Similarly, some ‘fun quizzes’ online can not only take your personal data but also formulate a personal profile about you as an individual from the answers you chose in the quiz.

A good idea to be safe online is to reduce how much information you pass out, like phone numbers, home addresses and emails, and be careful with what you are engaging with online.

Scammers are not your friend

Many scams these days target older people online and on the phone. However, scams over the phone are more effective because it brings a human element into the ruse.

There are generally two types of scams, threatening and aggressive scams, or social engineering scams.

Threatening scams aim to scare the person on the end of the phone into making decisions on the spot, either forfeiting information or money.

These calls can be aggressive, like someone threatening to get the police involved and have you put in jail.

Social engineering scams are a lot sneakier compared to threatening scams, because they involve gaining your trust, resulting in you passing along your details or money to the scammer none the wiser.

Social isolation is a big problem with older people and scammers use this fact to engage and chat with an elderly target on the phone, convincing the older person they are trustworthy.

Because they take an interest in the person, a lonely older person may soon consider the scammer a friend and undertake what is being asked of them.

It’s important to regularly check your bank statements, especially since scams are carried out in lots of different smart ways.

Rather than taking out big amounts of money, scammers tend to take out $10 – $20 dollars on a recurring basis, so the withdrawal doesn’t look huge and cause suspicion.

‘Love’ scams are another popular and big-paying swindle. There are many stereotypical ideas of the love scam, generally around a far-off prince needing some financial assistance from you – his greatest love, however, that is not the most successful type of love scam.

In most cases, love scams involve an older man and woman, who has developed a relationship of some sort with someone, somewhere in Australia.

The scammer would first spend time creating a connection with the elderly victim before making up extravagant scenarios where they need the individual to pay money to help them.

It is an incredible form of emotional manipulation, which can result in a lot of money passing between hands.

Standing up to scammers

The best way to combat these types of scams is to never give your credit card or personal details over the phone.

No matter the business, a caller should never ask you to pay for something over the phone, especially for small transactions.

Additionally, when online or checking your emails, avoid pressing on dodgy links. If you receive an invoice from an unknown and weird email address, go to the actual company website, for example, Telstra, and see if you have any outstanding bills.

Another good option for when you receive a concerning call or odd email asking for money is to check with someone you trust.

The aim of these scams is to isolate you from the herd. Ask a friend or family friend about their opinion before paying any money.

And if the scammer is becoming aggressive in their communication with you, tell them you will contact the organisation directly and hang up.

You are well within your right to say you will call the company back directly on the official company number and pay a bill rather than right on the spot.

For more information or to report a scam, head to the Government Scam Watch website for more information.

Source:
This article was originally published on https://www.agedcareguide.com.au/information/being-wary-of-scams-and-sharing-your-personal-information. Reproduced with permission of DPS Publishing.

Important:
This provides general information and hasn’t taken your circumstances into account. It’s important to consider your particular circumstances before deciding what’s right for you. Although the information is from sources considered reliable, we do not guarantee that it is accurate or complete. You should not rely upon it and should seek qualified advice before making any investment decision. Except where liability under any statute cannot be excluded, we do not accept any liability (whether under contract, tort or otherwise) for any resulting loss or damage of the reader or any other person.

Any information provided by the author detailed above is separate and external to our business. Our business does not take any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.

4 areas any robust data security policy should cover

No matter the size of your business, maintaining robust a data security policy is an important tool to help protect against theft or loss.

Businesses need to capture more data than ever, but as recent headlines show, it’s not always easy to securely store and maintain it.

Data loss or compromise can cost companies dearly: in fact, IBM research indicates the global average total cost of a data breach is around $4.35 million in 2022.

And with high-profile breaches occurring regularly, posing a threat to both individuals and organisations, the onus is on everyone to make sure the principles of data protection are understood and communicated clearly.

For businesses, the stakes are high, so the best thing to do is act now to incorporate security processes into a business-as-usual approach to data protection – and that includes the creation, review or updating of your data security policy.

If you’re in the process of reviewing or writing a new data security policy, here are four key areas that should be covered if you’re to maintain vigilance against data theft, loss or leaks.

1. Advise on the proper use of devices

Provide direction on where and how your staff should keep their devices and tell them that if a company device is lost or stolen, you need to know immediately.
Keeping devices up-to-date with the latest software is also a core aspect of data protection your employees need to know about.

The Australian Cyber Security Centre recommends turning on automatic updates for operating systems, to regularly check for software updates when automatic updates aren’t available, and install software updates as soon as they arrive.

2. Create best practices for password security

Enable multi-factor authentication to make sure only legitimate people have access to your business data.

If you don’t have multi-factor authentication enabled, you may want to encourage employees to use passphrases (a longer, sentence-like string of words) instead of a short word.

Passwords can be very easy to guess, whereas a passphrase can be anything, making them highly secure while still being easy enough for the individual to remember.

Using a secure password manager may also be a good solution for your employees to stay on top of all their accounts.

3. Educate employees about phishing and other scams

Using an anti-spam filter limits the number of phishing emails that your employees may receive on their work accounts, but they still need to be alert to scams and business email compromise attacks.

Train your team to question the unusual, such as payment or personal information requests over email.

In these instances, employees should seek verification face-to-face or via another channel, because a cybercriminal may have infiltrated someone’s email and be impersonating them.

4. Don’t forget employee offboarding processes and policies

When staff leave your employment, they should return all their company devices and equipment.

In addition, it’s equally important to remove leavers as a user from company systems, so they’re not able to continue to access your business data and intellectual property for personal gain or the benefit of their new employer.

Act now to protect sensitive business data

Daily practices and constant rigor are crucial for reducing data security risks in all businesses.

It’s important not to leave matters to chance, but to put a proactive plan in place that incorporates data security, storage, back-up and recovery.

The final but perhaps most important element is your team. Whatever their role in your business, train your staff to do what they can to prevent data loss or leaks.

Source: MYOB October 2022

Reproduced with the permission of MYOB. This article by Peter Wolski was originally published at https://www.myob.com/au/blog/data-security-policy/

Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.

Busted! Scam myths

We’re serving up the truth about some common scam myths that you might have heard, especially around tax time.

Myth 1: Only older people get scammed

Busted! Last year people aged 25 to 34 lost the most to tax scams, followed by those aged 18 to 24. Tax scams target everyone. If you get a phone call from the ATO and it doesn’t sound right, hang up and phone us to double-check.

Myth 2: Scams are easy to spot

No, they’re not! Scams aren’t always full of typos and bad grammar. Tech advancements mean scams, including tax and super scams, are hard to identify. Whenever you get an SMS or email, stop and think before you click a link.

Myth 3: Tax scams only happen at tax time

Wrong. While you might be focused on getting ready to lodge your tax return, scammers work hard all year round. We see different types of tax and super scams throughout the year.

Be a ‘scambassador’ and talk to your colleagues about tax and super scams you’ve heard about. Sharing this information could help them the next time they get a suspicious phone call or email.

Source: ato.gov.au July 2022
Reproduced with the permission of the Australian Tax Office. This article was originally published on https://www.ato.gov.au/Newsroom/smallbusiness/General/Busted!-Scam-myths/

Important:

This provides general information and hasn’t taken your circumstances into account. It’s important to consider your particular circumstances before deciding what’s right for you. Although the information is from sources considered reliable, we do not guarantee that it is accurate or complete. You should not rely upon it and should seek qualified advice before making any investment decision. Except where liability under any statute cannot be excluded, we do not accept any liability (whether under contract, tort or otherwise) for any resulting loss or damage of the reader or any other person.

Six simple ways to protect your passwords

You use passwords to access your bank accounts, social media, email and more every day.

Passwords are the keys to our online identity. That’s why protecting them is so important.

Creating a strong password is the first step to protecting yourself online. This helps reduce the risk of unauthorised access by those willing to put in a bit of guesswork.

To help stay safe online, follow these password tips.

1. Make your passwords strong

Short and simple passwords might be easy for you to remember, but unfortunately they’re also easier for cyber criminals to crack.

Strong passwords have a minimum of 10 characters and a use mix of:

uppercase and lowercase letters
numbers
special characters like !, &, and *.

Use passphrases

You may like to consider using a passphrase instead of a traditional password.

Passphrases are considered more secure than regular passwords, and easier to remember too.

A passphrase is used in the same way as a password, but is a longer collection of words that is meaningful to you, but not to someone else.

For example, the passphrase ‘CloudHandWashJump7’ is 17 characters long and contains a range of different characters. This is more complex than the average password.

Having complex passwords is important to deter ‘brute force’ attacks, in which a computer program cycles through every possible combination of characters to guess a password. These automated attempts at guessing passwords are not slowed down by numbers or capital letters, but depend on how long a password is.

Depending on the systems you access, you may be limited to a defined number of characters.

2. Make passwords hard to guess

Could someone who knows you guess your passwords? For this reason, it’s best to avoid using personal information such as your children, partner or pets name, favourite football team or date of birth as your password.

When trying to hack into an online account, cyber criminals start with commonly found words and number combinations.

So it’s best to avoid using:

dictionary words
a keyboard pattern like qwerty
repeated characters like zzzz
personal information like your date of birth or pet’s name.

Security companies publish lists each year of the most common passwords exposed in data breaches. Read the list from 2020. Make sure you’re not using them, because it’s likely criminals will try these passwords first.

3. Create new, unique passwords

If you need to reset a password, don’t just change one part of it.

Instead of changing a number at the beginning or end, create something completely new you’ve never used before.

If your original exposed password had a ‘1’ at the end, an attacker would likely try ‘2’ next. That’s why it’s important to change the whole password.

Get into the practice of changing your password often, ideally every few months.

4. Don’t share passwords, ever.

Never share your password with someone, not even with someone you trust.

What about family and friends?

Regardless of whom you share it with, once you share your passwords you lose control of how it’s stored or how and when it’s used.

What if a business or company I know asks for my password?

Reputable companies won’t ask you to give them your password over the phone or via emails or SMS messages. This might be a warning sign of phishing or a scam; you can read more about phishing on our security alerts page.

NAB will never ask you for your password or PIN, either by email, SMS, over the phone or at a branch. We may ask you to provide a one-time code to verify yourself when you call our contact centre. These messages will clearly state that we will ask you for the code.

You may not be covered for fraud

One of your responsibilities as a NAB account owner and user of internet banking is to protect your password. Sharing your passwords or PINs may affect a claim for any money lost due to fraud.

5. Use different passwords for each of your online accounts

Using different passwords means that if one of your accounts is breached, criminals won’t have access to other accounts that use the same password.

Make each of your passwords for online logins unique. This will help protect you from attacks like ‘credential stuffing’.

Credential stuffing

Credential stuffing is an automated technique used by criminals. They test a user’s known username and password combinations across multiple online accounts.

As many people use the same credentials for multiple sites, it can give criminals easy access to multiple accounts.

This gives criminals an opportunity to gather more information about you, which they might use to impersonate you online to access accounts under your name.

For example, it’s not a good idea to use the same password for an online pizza delivery website and your business email. If the pizza delivery site is compromised, you don’t want someone to also have access to your business email account.

6. Store passwords safely

Writing passwords down is never recommended. You could lose them, or someone else could see them and use them.

Password management tools

There are programs and apps known as password managers that will store all your passwords in a secure vault.

A password manager only needs one strong password to access it and has extremely strong protection to make sure that only you can access it.

This means you only need to remember one password to have access to all your passwords.

Password safes can even generate and store new, complex passwords for you when you create new online accounts.

Don’t allow web browsers to store your NAB password

Some web browsers may display a pop-up message, asking whether you want the browser to remember your login details.

For the protection of your personal information, NAB recommends that you select ‘Never for this site’ if you see this message when using NAB Internet Banking.

For more information, check out the Australian Cyber Security Centre’s guide on creating secure passphrases.

Source: NAB

Reproduced with permission of National Australia Bank (‘NAB’). This article was originally published at https://www.nab.com.au/about-us/security/online-safety-tips/protect-your-passwords

National Australia Bank Limited. ABN 12 004 044 937 AFSL and Australian Credit Licence 230686. The information contained in this article is intended to be of a general nature only. Any advice contained in this article has been prepared without taking into account your objectives, financial situation or needs. Before acting on any advice on this website, NAB recommends that you consider whether it is appropriate for your circumstances.

Important:
Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.

Protect your identity

If your personal information falls into the wrong hands, it can be used to steal your identity.

If you think your identity has been stolen, report it to your local police and your bank, and change your passwords.

Signs of identity theft

If your identity has been stolen, you may not realise for some time. These are some signs to look out for:

Unusual bills or charges that you don’t recognise appear on your bank statement.
Mail that you’re expecting doesn’t arrive.
You get calls following up about products and services that you’ve never used.
Strange emails appear in your inbox.

Act fast if your identity is stolen

What to do if you think your identity has been stolen.

Report it to the police

Report it to your local police department. Ask for the police report number so you can give it to your bank.

Contact your bank

Contact your bank so they can block the account. This will stop a scammer from accessing your money. You may also need to cancel any credit or debit cards linked to your accounts.

Change your passwords

If someone has stolen your identity, they may know your passwords. Change your passwords straight away. Think about all of your online accounts, including social media and other bank accounts.

Report it to the relevant websites

If you think someone has hacked into your online accounts, report it to the relevant websites.

Alert family and friends

If someone has taken over your social media accounts or your email address, alert your family and friends. Tell them to block the account.

Report it to the ACCC

The ACCC’s Scamwatch collects data about scams in Australia. Your report helps Scamwatch create scam alerts to warn the community.

Contact IDCARE

IDCARE is a free service that will work with you to develop a plan to limit the damage of identity theft.

Protect yourself from identify fraud

Simple steps you can take to avoid identity theft.

Secure your mail

Put a lock on your street mailbox so that people can’t steal your mail.

Shred your documents

Letters from your bank, super fund and employer can all contain personal details scammers can use to steal your identity. Shred these kinds of letters before you throw them out.

Use public computers with caution

If you use a public computer, for example, at a library, make sure you clear your internet history and log out of your accounts.

Be careful on social media

Be aware of what you post on social media, particularly if your profile is public. Scammers can find out where you live, work and visit through your posts.

Use strong passwords

Make sure your passwords are long and contain a mix of numbers, symbols, capital letters and lowercase letters. Strong passwords make it harder for people to hack into your accounts. The Australian Cyber Security Centre has some useful tips to protect your information online.

Use security software on your computer

Use virus protection software to help stop hackers from accessing your information. This software can help protect you if you click on a suspicious link or visit a fake website.

Monitor your bank transactions

Check your bank statements and online accounts regularly for unusual transactions. If you spot something unusual, check it with your bank and find out if you need to act.

Request a copy of your credit report

Check your credit report for any unusual or incorrect debts. Find out how to get a free copy of your credit report.

Source:
Reproduced with the permission of ASIC’s MoneySmart Team. This article was originally published at https://moneysmart.gov.au/banking/identity-theft

Important note: This provides general information and hasn’t taken your circumstances into account. It’s important to consider your particular circumstances before deciding what’s right for you. Although the information is from sources considered reliable, we do not guarantee that it is accurate or complete. You should not rely upon it and should seek qualified advice before making any investment decision. Except where liability under any statute cannot be excluded, we do not accept any liability (whether under contract, tort or otherwise) for any resulting loss or damage of the reader or any other person. Past performance is not a reliable guide to future returns.

Important
Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.

Cyber security – protecting yourself at home

Greater flexibility in working arrangements has been a by-product of the pandemic, as working from home has become more widespread.

While this flexibility has many benefits, it does also bring downsides, such as the increase in cyber security risks. With working from home to continue to be a reality for many, as workplaces move to more flexible working arrangements, here’s what we can do to stay safe.

Why cyber security is of greater risk at home

According to the ACSC Annual Cyber Threat Report 2020-21, there was an increase in the average severity and impact of reported cyber security incidents, with nearly half categorised as substantial. And there were over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.

Not only are cyber security attacks impactful to the individual, but they also take a toll on businesses. The Australian Cyber Security Centre (ACSC) found that the total estimated cost of cyber security incidents to Australian businesses is $29 billion per year.ⁱ

With so many Australians working from home, it’s no coincidence that the rates of cyber security attacks are on the rise. When we work from home, we are no longer protected by a closed office network, so we are at greater risk of cyber security threats.

Given we tend to be working alone at home, this also makes us more vulnerable to scams and phishing attempts. Click on a suspect email in the office, and it’s either caught before it gets to you or you can ask a co-worker if they have received the same. With fewer opportunities for water cooler chat, you are more likely to be out of the loop.

How to stay safe

There are various ways you can protect yourself from cyber-attacks, and you don’t need to be an IT whiz to do so.

Install antivirus and security software

Your first layer of protection should be the use of antivirus and security software, such as Norton or Bitdefender. If you already have this software installed, ensure that it is up to date.

Update software, including all security updates

You also want to stay up to date with your software, so don’t skip those security updates that appear on your computer and phone. You can turn on automatic updates, so you don’t have to worry about missing these.

Secure your home Wi-Fi

As well as having a secure password for your home Wi-Fi, you should also use a strong encryption protocol for your router (currently WPA2 is the most secure type of encryption) – you can check this through your device settings.

Review and update your passwords

If you have had the same password for years and don’t have variations for different purposes, it’s worth updating your passwords. It sounds obvious, but don’t choose a password that will be easy to guess, such as something relating to your street name or workplace.

Opt for multi-factor authentication

Multi-factor authentication provides an extra layer of security when it comes to accessing your devices, making them harder to hack into. An example of multi-factor authentication is the combined use of a secure password, an item such as a security key or token, and a validation such as a SMS or email.

Be aware of scams

Scamwatch.gov.au is regularly updated with the latest scams. Run by the ACCC, this website contains comprehensive and current information on scam attempts such as phishing and extortion. Share this info with family and friends so they also know what to be on the alert for.

Consult with your IT Department

If your workplace has an IT Department, contact them to ask for any additional tips on how you can stay secure working from home.

This advice may not be suitable to you because it contains general advice that has not been tailored to your personal circumstances. Please seek personal financial advice prior to acting on this information. Investment Performance: Past performance is not a reliable guide to future returns as future returns may differ from and be more or less volatile than past returns.