Pop up – Demo

Subscribe Form Popup

ShareThis

Microsoft-365-business-Popup

We're here to help Fill out the simple form below & one of our IT experts will be in touch
  • This field is for validation purposes and should be left unchanged.

Mercury IT Managed Services | Brisbane | Gold Coast | Melbourne Logo
1300 668 223 Client login

Cybersecurity

Home / Cybersecurity / Cyber Insights with Mercury IT- July 2023
Contact Us
15 JulCybersecurity

Cyber Insights with Mercury IT- July 2023

Cyber Insights July

Welcome to the latest issue of Cyber Insights!  In this edition we unpack the latest phishing scam, discuss the most recent security breaches and share a checklist for email security.

Current Scams 

Recently, cybercriminals have taken advantage of Cybercriminals use images in phishing emails to impersonate real organisations. Cybercriminals hope to trick you into thinking the email is legitimate using images like official logos and promotional materials.

In a recent scam, cybercriminals have spoofed Delta Airlines to steal sensitive information. The body of the email consists of one large image. The image includes Delta’s logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals can access your sensitive information. Remember that cybercriminals can impersonate any legitimate business.

Follow the tips below to spot similar scams:

  • Before you click a link, always hover your mouse over it. Ensure that the link leads to a legitimate, safe website that corresponds with the content in the email.
  • If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organisation directly.
  • Remember that this type of attack isn’t exclusive to Delta Airlines. Cybercriminals could use this technique to exploit any airline in any country.
Latest Security Breaches 

Exploit: Ransomware

FIIG Securities: Bond Brokerage

Risk to Business : SEVERE

A cyberattack on Australian bond broker FIIG Securities late last week was the work of the notorious cybercrime gang BlackCat. The group said that they snatched 385 gigabytes of data. FIIG Securities contacted clients to inform them that the attack might have compromised their personal data including their names, addresses, birth dates, driver’s license information, passport scans, bank accounts and tax file numbers. No ransom information was available at press time. The incident has been reported to the Office of the Australian Information Commissioner.

Read more here

 

Exploit: Ransomware

Shell: Fuel Company

Risk to Business : SEVERE

Oil and gas behemoth Shell has announced that it too, is a victim of Cl0p’s cybercrime spree using the MOVEit exploit. The company says there was no damage to its internal systems but that a small amount of employee data was stolen. Shell is among the hundreds of companies added to Cl0p’s dark web leak site. Those companies have been given a deadline of June 21 to pay a ransom or have their data exposed. However, Cl0p posted that Shell refused to negotiate.

Read more here

 

Cybersecurity Tips

The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyberattack within your organisation, it is vital to question the legitimacy of every email you receive. Below is a list of questions about any links or attachments on the email that may help you realise that you are being phished.

Are there hyperlinks in the email?

  • Hover over any links and check the link address. Does it match the website for the sender exactly?
  • Did you receive a blank email with long hyperlinks and no further information or context?
  • Does the email contain a hyperlink with a misspelling of a well-known website? (Such as Micorsoft)
  • Is the sender’s email from a suspicious external domain? (like micorsoft-support.com rather than microsoft.com)

What about attachments?

  • Did the sender include an email attachment that you were not expecting or that makes no sense concerning the email’s context?
  • Does the sender ordinarily send you these types of attachments?
  • Did the sender send an email with a possibly dangerous file type? Files with a .TXT extension are typically safe, but beware, files can be disguised with a different file extension.

If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defence to prevent cyber criminals from succeeding and making you or your company susceptible.

Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here

About the author

Mercury IT