Welcome to Cyber Insights for 2023! In this edition we unpack the latest Facebook scam, current breaches and share our top tips on creating secure passwords!
Scam Alert
Organisations and public figures typically use Facebook pages to connect with their community. However, anyone can make a Facebook page, even cybercriminals, who spoof brands and organisations on social media to trick people into trusting them. In this recent scam, cybercriminals use actual Facebook pages to impersonate Facebook itself.
The scam starts with a fake email that looks like it’s from Facebook. The email states that your account has been deactivated and will be deleted in 48 hours unless you click a link. If you click the link, you’re taken to an actual Facebook post from a page named “Page Support” that uses the Facebook logo. The post directs you to click another suspicious link that takes you to a fake login page. If you enter your login credentials, you’ll give cybercriminals access to your Facebook profile and the ability to scam your friends and family.
Don’t be fooled! Follow the tips below to stay safe from similar scams:
- Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions, so always think before you click.
- Remember that this type of attack isn’t exclusive to Facebook. Cybercriminals could use this technique on any other social media platform.
- If you receive an urgent notification, verify that it’s legitimate: navigate directly to the organisation’s website or official app to view the details rather than following the link in the message.
Latest Breaches
Exploit: Hacking
LastPass: Software Company
Risk to Business: EXTREME
LastPass has experienced a second data breach. The company disclosed in its blog that hackers used information obtained in the August 2022 LastPass breach to access customer information in third-party cloud storage shared with its corporate partner GoTo. LastPass specified that customers’ stored passwords were unaffected and remained safely encrypted. It is unclear whether or not clients of GoTo and LogMeIn were affected by this incident. All the brands involved said that the incident is under investigation. LastPass specified that it engaged Mandiant as part of that effort. No specifics as to what information was exposed were available at press time.
Exploit: Misconfiguration
Telstra: Telecommunications
Risk to Business: SEVERE
Another breach at Telstra has exposed the information of over 130,000 customers whose details were supposed to be unlisted. The company pointed to a “misalignment of databases” as the cause of the incident, which made the names, addresses and phone numbers of customers who had requested to be unlisted available via Directory Assistance or the White Pages. Telstra says it has partnered with IDCARE to develop a response plan and support affected individuals. In October, Telstra also suffered a security breach that exposed the personal data of an estimated 30,000 past and present Telstra employees, days after the massive Optus incident.
Cybersecurity Tips
Creating strong passwords should be your top priority in keeping your online life secure. Weak passwords can lead to stolen identities, data or money loss, and even the loss of a job and reputation.
You’ve probably heard suggestions for creating secure passwords before. Experts used to advise long, complex combinations of random words, letters, numbers and special characters. That advice has since shifted to favour longer passwords without the need for complexity. To improve your password security, use the following advice:
- Make your passwords longer. Strong passwords typically contain at least eight characters, and longer passwords or passphrases are more secure than shorter passwords that rely on complexity.
- Make use of a passphrase. Current security standards strongly advise against using a single word as a password. Instead, choose a passphrase that is unique to you so that you remember it, but secret enough that no one else can guess it.
- Never use obvious or personal information in your passwords. For example, never include your name, email address, phone number, birth date, or other personal information.
- Never use the same password for more than one account. If cybercriminals steal your password from one account and use it on other accounts, you’ve given them access to all the accounts where you’ve used the same password.
- Make use of a password manager. If your organisation allows it, use a password manager to create, store, and sync complex passwords across multiple devices. With a password manager you only need to remember one master password. Check with your internal IT (or other relevant) team to see if this is possible.
Most importantly, if one exists, always adhere to your organisation’s password policy. Password policies are designed to protect you and your organisation.
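To make the length-versus-complexity point concrete, here is an added Python example (not from the newsletter) that estimates the brute-force search space for a short complex password and a long passphrase, and checks a candidate against the rules above: minimum length, no single word, no personal details, and no reuse across accounts. The profile and account data are constructed for the demonstration.

```python
import math
import re

# Constructed profile (not a real person), used only to show the "no personal info" rule.
PROFILE = {"name": "Alex Smith", "email": "alex.smith@example.com",
           "phone": "0412345678", "birth_date": "1990-07-14"}

# Character classes and their sizes; 33 covers printable ASCII punctuation plus space.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]

def charset_size(pw):
    """Size of the alphabet an attacker must enumerate, based on the classes present."""
    return sum(n for pat, n in CLASSES if re.search(pat, pw))

def brute_force_bits(pw):
    """log2 of the search space for an attacker trying every string over the charset.
    Each extra character multiplies the space, so length dominates complexity."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def personal_tokens(profile):
    """Fragments of the profile (names, year, phone, email parts) a password must not contain."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[\s@.\-]+", value.lower()):
            if len(part) >= 4:  # skip tiny fragments like "com" that cause false positives
                tokens.add(part)
    return tokens

def check_password(pw, profile):
    """Apply the newsletter's rules; return a list of problems (empty means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than 8 characters")
    if re.fullmatch(r"[A-Za-z]+", pw):
        problems.append("single word; use a passphrase instead")
    for token in sorted(personal_tokens(profile)):
        if token in pw.lower():
            problems.append(f"contains personal information: {token}")
    return problems

def reused_passwords(accounts):
    """Return groups of accounts sharing one password (the reuse the newsletter warns against)."""
    by_pw = {}
    for account, pw in accounts.items():
        by_pw.setdefault(pw, []).append(account)
    return [sorted(group) for group in by_pw.values() if len(group) > 1]
```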
Find out more about cybersecurity for your business here, or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh, here.