Welcome to this month’s edition of Cyber Insights! In this issue, we explore Business Email Compromise, cover the latest security breaches, and share tips on protecting your privacy around always-listening devices.
SCAM ALERT
Understanding Business Email Compromise (BEC)
Business Email Compromise (BEC) is a growing threat to companies of all sizes. One common tactic involves manipulating invoices, which can lead to significant financial losses.
Here’s how it typically works:
- A criminal hacks into your supplier’s email account.
- They send you an invoice that looks legitimate but with altered bank details.
- If you pay without verifying, the money goes to the criminal instead of your supplier.
The Tricky Part
The email comes from your actual supplier’s address, making it hard to spot the fraud. The only suspicious element is the change in bank account details.
A Real-World Example
Our Chief Information Security Officer, Chris Haigh, recently shared a post on LinkedIn about this issue. Read the full post here.
Legal Implications
A recent court case ruled that the invoice recipient has a duty to verify the authenticity of invoices and their details. This means your business could be held responsible, even if it wasn’t your email that was hacked.
Protecting Your Business
To safeguard against BEC and invoice fraud, consider these steps:
- Implement a verification process for any changes to bank account details, such as a phone call to confirm.
- Train your staff on the importance of following this process without exception.
- Consider cyber insurance as an additional layer of protection against cybersecurity attacks.
By following these guidelines, you can significantly reduce your risk of being a victim of BEC and other cyber threats.
SECURITY BREACHES
Cybersecurity researchers at Wiz Research revealed on January 29 that DeepSeek, a Chinese AI-driven data analytics company, suffered a significant data leak, exposing over one million sensitive records. Researchers discovered that the company had a misconfigured cloud storage instance containing a large database that was left publicly accessible without proper authentication and access controls. The database contained a variety of sensitive information including chat logs, system details, operational metadata, API secrets and log streams. Read more here

The British Museum was forced to close several galleries and temporary exhibitions after a former employee allegedly disrupted its IT system. The incident occurred when a contractor who had been fired entered the museum and gained access to its IT network before being apprehended. London’s Metropolitan Police confirmed the arrest of a man in his fifties. The museum has not disclosed the extent of the IT breach but stated it is working to resolve the disruption. Investigations are ongoing. Read more here
CYBERSECURITY TIPS
Staying Safe Around Always-Listening Devices
With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!
While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices.
To help you stay safe from these devices, here are some tips:
- Review and delete voice recordings: Your device will store your search and activity history to create a customised experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy.
- Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.
- Don’t link accounts with sensitive information to your device: If any of your accounts contain sensitive information, it is best not to link them to your device. This will keep your sensitive information secure from potential data breaches.
- Change the settings to automatically manage data stored by the device: Personally managing which data is linked with your account gives you more control over the information stored by your device and saves you time when deleting your history.
- Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.
By making a habit of unplugging and deleting voice recordings from these always-listening devices, you can help ensure that there is an extra layer of protection between them and your private information.