Information Learning Technology

Mr. Richard Hardy - Director of Information Learning Technology

Phishing is not Phunny!

The Covid Pandemic has had a negative impact on all aspects of daily life. Lockdowns have seen a significant decrease in economic performance across the country as well as impacting society's social and emotional wellbeing. In addition, social isolation has led to an increased reliance on the internet, with many activities moving to an online basis such as education, work, shopping, and socialising. With such an increase in online activity, it is no surprise that one area of growth in these difficult times has been in the area of cybercrime. 

 

The Australian Cyber Security Centre (ACSC) has indicated an increase in reported cybercrime of almost 13% compared to the last financial year. This equates to a cyber-attack every 8 minutes. They found that 75% of reported pandemic-related cybercrime resulted in Australians losing money or personal information. The average loss due to cybercrime increased to more than $50,600 (AUD), over one-and-a-half times higher than the previous financial year. The ACSC Annual Cyber Threat Report indicated that Queensland had the highest proportion of cybercrime reports (30%) made in 2020 – 2021.

According to Verizon's 2020 Data Breach Investigations Report (DBIR), phishing attacks are the most common cause of data breaches globally. Additionally, the 2021 DBIR indicated that phishing incidents had increased 11% from last year.

 

Oxford Languages define phishing as "the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers."

 

The term phishing is analogous to fishing, i.e., fishing for usernames, passwords, etc., from a sea of users. Hackers generally use the letters "ph" instead of "f"; hence phishing was born.

 

Email Phishing – The most common form of phishing, with hackers sending emails to as many people as they can in the hope that some will:

  • Respond with their personal information
  • Click on a link that will load malware onto their computer, or
  • Respond, so that the hackers can hack into the recipient's email account and start sending spam mail from it

Opening an email attachment if you don't know what the attachment contains is a severe security breach!

 

In the past, phishing emails were easy to recognise because they were poorly written or contained spelling errors; however, current phishing messages are more sophisticated and personalised. It can be very difficult at times to discriminate between these malevolent messages and sincere communications.

 

The ACSC lists the organisations that are commonly used for phishing scams:

  • State police or law enforcement (fake fine scams)
  • Utilities such as power and gas (counterfeit bills and overdue fines)
  • Postal services (parcel pick-up scams)
  • Banks (fake requests to update your information)
  • Telecommunication services (counterfeit bills, fines, or requests to confirm your details)
  • Government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare, and myGov

If you find that you have responded to a phishing email and provided account or financial details:

  • Immediately contact your bank to freeze the account and update PINs or change your account
  • Immediately change any usernames and passwords provided to prevent unwarranted access

If you click on a phishing link: 

  • Disconnect your device from the internet
  • Back up your files and 
  • Scan your system for malware

Different Forms of Phishing

This form of cybercrime has expanded into many different formats:

Spear Phishing – A more targeted type of phishing that uses data collected on an individual or business to be more convincing. These messages tend to use urgent and familiar language to encourage immediate action.

 

Whaling – An even more targeted form of phishing that goes after the "big fish," e.g., the CEO or CFO of a specific business.

 

Mobile Phishing (Smishing) – A fake SMS or social media message that asks users to update their details or click on a link that will install malware on their device.

 

Voice Phishing (Vishing) – A strongly worded voicemail that demands urgent contact and threatens dire consequences if the person does not call back the number provided. The caller will then try to glean personal and financial details from anyone that calls back.

 

The ACSC website advises taking the following steps to protect yourself from phishing attempts:

  • Don't click on links in emails or messages, or open attachments, from people or organisations you don't know. If in doubt – do NOT click on the link or open a file – DELETE!
  • Be especially cautious if messages are very enticing or appealing (they seem too good to be true) or threaten you to make you take a suggested action
  • Before you click a link (in an email or on social media, instant messages, other web pages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way, you can find the article, video, or web page without directly clicking on the suspicious link
  • If you're unsure, talk through the suspicious message with a friend or family member, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website)
  • Use a spam filter to block deceptive messages from even reaching you
  • Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal, and others) would never send you a link and ask you to enter your personal or financial details
  • Use safe behaviour online. Learn how to use email safely and browse the web safely

 

This highlights the importance of remaining vigilant regarding online communication and the need to educate yourself and your family to be protected against cybercrime. Ensure you are aware of the latest threats by signing up to the ACSC Alert Service via their website at www.cyber.gov.au.

 

You can also find information about the latest scams on the Australian Government's Scamwatch website, www.scamwatch.gov.au.

 

Stay Safe!

 

Sources:
Google's English Dictionary provided by Oxford Languages
www.cyber.gov.au
www.trendmicro.com
www.terranovasecurity.com
www.verizon.com