Pop up – Demo

Subscribe Form Popup

ShareThis

Microsoft-365-business-Popup

We're here to help Fill out the simple form below & one of our IT experts will be in touch
  • This field is for validation purposes and should be left unchanged.

Mercury IT Managed Services | Brisbane | Gold Coast | Melbourne Logo
1300 668 223 Client login

News

Home / News / Cyber Insights with Mercury IT- July 2022
Contact Us
12 JulNews

Cyber Insights with Mercury IT- July 2022

Cyber Insights July 2022

Welcome to Cyber Insights. In this edition we highlight the scams that often surround Amazon Prime Day, share the latest security breaches and provide our top cybersecurity tips for the month.

SCAM ALERT

Amazon Prime Day 2022 begins today, so you might expect some Amazon deliveries soon. But unfortunately, while you may use Prime Day for incredible deals, cybercriminals use Prime Day for awful scams.

Cybercriminals may take advantage of Prime Day in different ways. Still, there are some common scam tactics that they typically use. For example, they may include the Amazon logo in their phishing emails to make their emails seem more legitimate. Their emails may also include links that send you to fake Amazon login pages.

If you enter your Amazon login credentials on one of the fake pages, cybercriminals can use these credentials to change your Amazon account password and log you out of your account. Then, they can make purchases using your saved payment information.

To keep your Amazon account secure, follow the tips below:

  • If you receive an email from Amazon about an upcoming delivery or an account update, don’t click any links in the email. Instead, log in to your Amazon account directly from your browser to check on the issue.
  • Enable multi-factor authentication (MFA) on your Amazon account. MFA adds an additional layer of security by requiring you to present two or more verification factors to log in to your account.
  • Cybercriminals often use scare tactics to trick you into clicking links without thinking. If you receive an email that urges you to take immediate action, stop and evaluate the message before you click any links.
BREACH UPDATE 

Exploit: Insider Risk (Employee Error)
iCare: Insurer

Risk to Business: Severe

State insurer iCare is in the hot seat after an employee mistakenly shared the details of almost 200,000 injured workers with 587 employers and insurance brokers after sending the incorrect cost of claims analysis reports to the wrong recipients. The employee information was contained in spreadsheets that were mistakenly sent as attachments to the wrong employers. The company sent impacted workers an apology for the incident in May 2022.

Risk to Individual: Severe

The missent cost of claims reports included a summary of workers’ claims history, their name, date of birth and injury category, workers’ policy number, a breakdown of weekly payments, claim costs and gross amounts paid, but no banking or contact details.

Read more about the security breach here >>

CYBERSECURITY TIPS
When signing into a website such as Facebook or Amazon, have you ever seen the beginning of the URL change from “HTTP” to “HTTPS”? How about a small lock icon at the top of your browser? The “S” in “HTTPS” stands for “secure” and indicates that your web browser is accessing the website through a secure connection that no one else can access. The lock icon also shows that the website is secured with a digital certificate.

However, a website is not necessarily secure just because “HTTPS” is included in the URL. A website using HTTPS can be safer than a website using HTTP, but cybercriminals can get HTTPS certificates, too. Cybercriminals often use HTTPS URLs to trick unsuspecting victims into clicking phishing links.

HTTPS websites can offer a false sense of security, so you may be tempted to automatically trust them. However, it’s important to remember that even legitimate HTTPS websites may have vulnerabilities that cybercriminals can exploit. Therefore, you should never rely on an HTTPS URL or even the lock icon at the top of your browser for security.

Tips to Stay Safe

Follow the tips below to make sure the website you’re visiting is secure:

  • Watch out for misspelled domains. For example, a link may contain the word “Annazon” instead of “Amazon.” Some misspellings are easier to catch than others, so make sure to look closely!
  • If you receive a login link through email or text message that you weren’t expecting, don’t click it. Cybercriminals can send you malicious links that look legitimate. Instead, always navigate directly to the website.
  • Remember to look for the “S” in “HTTPS” before you enter any sensitive information into a web browser. Even then, remain cautious

Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here

About the author

Alisha Christian