Welcome to this month’s edition of Cyber Insights! In this issue, we explore the newest scam targeting financial aid schemes, reveal recent security breaches, and delve into AI-driven attacks.
SCAM ALERT
Scammers are increasingly targeting Australians experiencing financial hardship by impersonating legitimate charities and government assistance programs. These fraudsters use emails, text messages, or phone calls to offer fake financial aid schemes, often claiming to provide grants or emergency relief funds. They request personal details such as bank account information or identification documents under the guise of processing applications. Once obtained, this data is used for identity theft or further fraudulent transactions.
In a related trend, phishing campaigns are circulating via SMS, purporting to be from banks like CommBank, notifying recipients of “awards” or rewards points that require urgent claiming through a provided link. These messages lead to fake websites designed to capture login credentials and financial details.
To protect yourself from these scams:
- Verify any unsolicited offers of assistance by contacting the organisation directly using official contact details from their website, not those provided in the message.
- Avoid clicking links in unexpected texts or emails; instead, log in to your accounts through official apps or websites.
- Report suspicious activity to Scamwatch or your financial institution immediately to prevent wider exploitation.
SECURITY BREACHES
Qantas
Exploit: Hacking
Industry: Transportation
Australia’s Qantas airline confirmed a significant cyber incident affecting one of its third-party contact centres, resulting in unauthorised access to approximately 6 million customer accounts. The breach exposed personal information, including names, email addresses, phone numbers, and Frequent Flyer details. The airline stated that no financial data or passwords were compromised, but it has notified affected customers and is offering credit monitoring services. Investigations are ongoing with cybersecurity experts, marking one of the largest breaches in Australia this year and highlighting vulnerabilities in third-party vendors. Read more here
Disney
Exploit: Data Theft
Industry: Entertainment
Entertainment giant Disney suffered a data breach where proprietary information, including internal documents and intellectual property, was stolen. The incident also impacted 19 other companies through a compromised business services provider. Disney has engaged forensic teams to investigate, but the breach underscores the risks of interconnected supply chains in the media industry. No customer data was reportedly affected, though the full scope remains under review. Read more here
CYBERSECURITY TIPS
As artificial intelligence (AI) becomes more integrated into daily operations, cybercriminals are leveraging it to create sophisticated threats, such as automated phishing emails and adaptive malware that evades detection. These AI-powered attacks can scale rapidly, making them more efficient and harder to identify.
Key Concerns:
- Automated scaling allows attackers to target thousands simultaneously.
- Convincing phishing uses AI to personalise messages based on stolen data.
- Malware that evolves in real-time to bypass security protocols.
To safeguard against these emerging risks:
- Implement AI-driven security tools for real-time threat detection and response.
- Stay updated on AI advancements through reliable sources and training programs.
- Foster collaboration within your organisation and the broader cybersecurity community to share intelligence on new threats.
- Conduct regular risk assessments and simulate AI-based attack scenarios to strengthen defences.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here
