SCAM ALERT
Online gaming continues to draw in millions of players, but not everything in the digital playground is safe—this latest phishing scam is proof. The newest con making the rounds involves Discord, the widely used app that supports voice, video, and text chatting.
Here’s how it plays out: A message pops up on Discord, inviting you to try out a brand-new game. It appears to be from a legitimate game developer, making it easy to believe. If you take the bait and respond, the scammer sends over a link and a password, supposedly giving you access to download the game. But instead of launching a game, that link installs malware on your device.
This malicious software doesn’t just sit quietly in the background. It goes to work stealing your data and can even hijack your account to send the same scam message to your friends. If any of them fall for it, their systems get infected too. So, instead of testing a new release, you’re left with a compromised account, and your contacts could be at risk as well.
SECURITY BREACHES
A breach exposed the personal data of 16,000 subscribers to Nine newspapers, including the Sydney Morning Herald, The Age and The Financial Review. The breach, linked to a third-party supplier, resulted in names, postal addresses and email addresses being left accessible online due to a third-party supplier’s security lapse. Nine confirmed payment details and passwords were not compromised and is working to secure affected systems, although the exposure’s duration and potential access by malicious actors remain unclear. Read more here
The British Museum was forced to close several galleries and temporary exhibitions after a former employee allegedly disrupted its IT system. The incident occurred when a contractor who had been fired entered the museum and gained access to its IT network before being apprehended. London’s Metropolitan Police confirmed the arrest of a man in his fifties. The museum has not disclosed the extent of the IT breach but stated it is working to resolve the disruption. Investigations are ongoing. Read more here
CYBERSECURITY TIPS
When signing in to a website such as Facebook or Amazon, have you ever seen the beginning of the URL change from “HTTP” to “HTTPS”? How about a small lock icon at the top of your browser? The “S” in “HTTPS” stands for “secure” and indicates that your web browser is accessing the website through a secure connection that is encrypted and protected from unauthorised access. The lock icon also indicates that the website is secured with a digital certificate.
However, a website is not necessarily secure just because “HTTPS” is included in the URL. A website using HTTPS can be safer than a website using HTTP, but cybercriminals can get HTTPS certificates, too. Cybercriminals often use HTTPS URLs to trick unsuspecting victims into clicking phishing links.
HTTPS websites can offer a false sense of security, so you may be tempted to automatically trust them. However, it’s important to remember that even legitimate HTTPS websites may have vulnerabilities that cybercriminals can exploit. You should never rely on an HTTPS URL or even the lock icon at the top of your browser for security.
Tips to Stay Safe
Follow the tips below to make sure the website you’re visiting is secure:
- Watch out for misspelled domains. For example, a link may contain the word “Annazon” instead of “Amazon.” Some misspellings are easier to catch than others, so make sure to look closely!
- If you receive a login link through email or text message that you weren’t expecting, don’t click it.
- Cybercriminals can send you malicious links that look legitimate. Always navigate directly to the website.
Remember to look for the “S” in “HTTPS” before you enter any sensitive information into a web browser. Even then, remain cautious.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here
