Welcome to Cyber Insights. In this edition we unpack the many breaches that have recently occurred and how they can lead to an influx of persuasive scam emails! Our cybersecurity tips highlight Smishing: what it is and what to look out for so you don’t get caught out!
SCAM ALERT
With the recent hacks on Optus, Medibank and others (8 in total that we know of – see Breaches below for more information) over the last month, criminals have very sensitive data such as Driver’s License numbers, Tax File numbers, Medicare numbers, date of birth and other personal information. The type and amount of information are concerning.
With this type of information, criminals can create persuasive emails that use these details to appear more authentic. They will then try to gain more knowledge, obtain money from you, or use the information to extort money. This type of attack is known as phishing.
Just like phishing, the criminals could also use SMS or a phone call or a combination of them to try and part you from your money. Follow the tips below to keep yourself safe:
- Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
- Never click a link or download an attachment in a message that you aren’t expecting.
- Verify any requests for payments.
- Verify a caller by calling the official number. Remember, they have information about you that helps them sound very convincing.
- Monitor your credit file.
Latest Breaches
Exploit: Hacking
The Dialog Group: IT Consulting Company
Risk to Business: SEVERE
Singapore Telecommunications Ltd (Singtel) has announced that its Australian division, The Dialog Group, has experienced a cyberattack that potentially exposed information about 1,000 current and former employees and an estimated 20 clients. Singtel, which acquired The Dialog Group earlier this year, also owns Optus, the scene of a massive breach just a few weeks ago. However, company officials say that the two incidents are not connected, and the exact nature of the stolen data was unavailable at press time.
Exploit: Ransomware
Medibank Private: Health Insurer
Risk to Business: SEVERE
Australia’s largest private health insurer Medibank Private has confirmed that it fell victim to a ransomware attack last week. The health insurer said that the cause of the attack was compromised credentials. Bad actors used those credentials to access Medibank’s systems on Wednesday and deploy ransomware. The company’s initial investigation has determined that no customer data was accessed or stolen, but this has changed. Medibank temporarily closed some systems while the activity was investigated but resumed normal business last Friday.
CYBERSECURITY TIPS
Watch Out for Smishing!
Many companies, products, and services have started offering text message alerts to keep you up to date. Unfortunately, scammers are aware of these alerts, and they’re taking advantage of unsuspecting individuals. Posing as your bank, an online account, or another service, to name a few examples, they send a text with dangerous links or prompt you to respond with personal information. This Short Message Service (SMS) or text-based phishing scam is called Smishing, and the bad guys have taken a liking to it.
How it works…
The following are only a couple of examples. The bad guys are constantly coming up with new ways to “smish” you:
Use this Link: Scammers pose as a familiar company or service and send shocking alerts such as – “Your account has been locked due to multiple failed logins.” – accompanied by a link to supposedly resolve the issue. Smishing links can contain malware that instantly installs if you make the mistake of clicking. This malware can include keystroke-logging software or permit access to your applications and files–making it easy to steal your identity or hold your files for ransom.
Call this Phone Number: Smishing attacks often try to persuade you to call a number by telling you there’s been an issue with your account or that suspicious activity has been detected. A scammer will be ready to take your call and persuade you to provide personal information or make a payment.
Think before you tap!
- Remember that government agencies, banks, or other legitimate businesses will never request sensitive information over text messages.
- Take your time. Much like email phishing, texting scammers often use the social engineering tactic of creating a false sense of urgency in their message.
- Never click on any links or call any phone numbers in unexpected texts. Instead, contact the company directly if you want to verify the text message.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here