Pop up – Demo

Subscribe Form Popup

ShareThis

Microsoft-365-business-Popup

We're here to help Fill out the simple form below & one of our IT experts will be in touch
  • This field is for validation purposes and should be left unchanged.

Mercury IT Managed Services | Brisbane | Gold Coast | Melbourne Logo
1300 668 223 Client login

Cybersecurity

Home / Cybersecurity / Cyber Insights with Mercury IT- September 2024
Contact Us
10 SepCybersecurity

Cyber Insights with Mercury IT- September 2024

Welcome to the latest issue of Cyber Insights!  In this edition, we showcase some scam statistics, review the latest security breaches, and offer tips on privacy policies.

 SCAM ALERT

In this scam, cybercriminals are using Google search results to try to trick you into calling a phone number that they control. If you search for an organisation on Google, scammers can manipulate the search results to display a fake phone number for the organisation. Don’t take a chance of losing your investments on a risky phone call.

If you search on Google and call the fake number from one of these manipulated search results, you will be connected to a scammer. They will attempt to trick you out of your money by saying that your account needs updates or you need to transfer funds. They may ask you for your login information so that they can access your account. Once they gain access to your account, they can quickly transfer your funds to accounts that they control. This is one investment that you don’t want to risk!

Follow these tips to avoid falling victim to a phone number scam:

  • Confirm that you are on the organisation’s official website if you are going to buy one of their products or use one of their services.
  • Double-check that the listed phone number is the same one on the organisation’s official website.
  • Report any fake listings, ads, or any other type of disinformation through Google’s Report services.
Latest Security Breaches

Exploit: Ransomware 

The Washington Times: Newspaper

Risk to Business: MODERATE

The Washington Times, an influential U.S. newspaper, was reportedly compromised by the Rhysida ransomware group, which listed the paper as a victim on its dark web blog. The group claims to be auctioning the Washington Times’ “exclusive” data, including corporate files and employee documents, for 5 bitcoins (approximately $304,518) with a seven-day deadline to start the auction. Read more here

Exploit: Third Party (Misconfiguration)

Toyota: Carmaker

Risk to Business: MODERATE

Toyota revealed that a misconfigured cloud bucket exposed over 2.15 million customer records to the open internet for over 10 years, from November 2013 to April 2023. The breach affects customers of Toyota’s Connected services in Japan. Additionally, the ZeroSevenGroup cybercrime gang claims to have stolen data “from a U.S. branch”, potentially a Toyota dealer, including employee and customer details, but the provenance of the data they published has not been confirmed. Toyota says that none of its internal systems were breached, pointing to an unnamed third party as the source of the data. Read more here

Cybersecurity Tips

What are AI Art and Deepfakes?
AI art is generated using billions of images and examples of art. When you enter a prompt, the AI art generator builds an image for you by combining many of these examples into a single image. Deepfake technology is similar, but it involves manipulating real photographs and videos of people and places. This technology can make it look like a person did or said something that they never did. Both of these technologies can be used in a harmless way, but cybercriminals have learned to use them maliciously.

Deepfake Scams
Scammers can use deepfake technology to impersonate celebrities or other public figures. This type of scam can make it seem like a celebrity has endorsed a product even though they have not. Scammers use this technique to trick people into purchasing a fake product, and they will steal consumers’ personal or financial information. Deepfakes can be used for political figures as well. A deepfake video can make it appear that a government official said or did something that they didn’t say or do. These types of videos can be used to lure people into visiting fake websites or clicking on fake news articles.

AI-Generated Art and Photograph Scams
Cybercriminals commonly use AI in online romance scams. They can generate fake photographs to use in dating profiles to try and steal money or information from their victims. The cybercriminals will also use current events as the subject of their scams. They use AI to create realistic photographs of tragedies and other events. They post the photographs on fake websites to coerce people into donating money to a charity organisation. The organisation is fake, of course, and the cybercriminals will keep any donated money.

What Can I Do to Stay Safe?

Follow the tips below to keep yourself safe from AI art scams:

  • AI-generated images often have subtle differences or mistakes. Keep an eye out for anything in the photograph that appears to be unusual. A hand with more than five fingers or a photograph with strange lighting or shadows are common signs that an image was created with AI
  • Always stop and think before clicking or taking action. If a photograph or image seems bizarre or too good to be true, it could be a scam.
  • When possible, verify the claim in a different location. For example, if you see a video with a celebrity endorsement, check that person’s official website for proof that they are actually involved with the product.

Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here

About the author

Mercury IT