Welcome to Cyber Insights. In this edition we highlight callback phishing scams, share the latest security breaches and explain how phishing attacks land in your inbox!
SCAM ALERT
Recruiters often use LinkedIn, a popular professional networking platform, to reach out to potential candidates about job opportunities. Unfortunately, cybercriminals also send fake job opportunities through LinkedIn. Currently, they’re taking advantage of the growing interest in cryptocurrency to send fake job openings at cryptocurrency organizations.
In this scam, cybercriminals send you a recruitment message about a job opening at a prominent organization in the cryptocurrency industry, such as Crypto.com. The message claims that positions fill quickly and urges you to download an application attachment. However, downloading the attachment could also download malware that can steal your sensitive information.
Don’t let a job opening scam trick you. Instead, follow the tips below to keep your sensitive information safe:
- Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
- Never click a link or download an attachment in a message that you aren’t expecting.
- Verify any recruitment messages by viewing the job openings that the organization has posted from their verified LinkedIn account or on their official website. Then, submit your application directly through these posts.
BREACH UPDATE
Australia’s second-largest telecom, Optus, has been hit by a ransomware attack. One of the most significant data breaches in Australian history, the incident impacts an estimated 10 million customers, or about one-third of Australia’s population. A bad actor using the moniker “optusdata” claimed to be the force behind the attack. Initially, they posted a ransom demand of $1.5 million and the personal data of about 10k people on a dark web forum. They’ve since withdrawn that post. Some news articles have pointed at an API configuration error as the access point for the bad guys, but that has not been confirmed. The incident is under investigation.
CYBERSECURITY TIPS
You may already be aware that you should not open email attachments with an extension such as “.exe”, but did you know that even PDFs or Word Documents can be unsafe to open? Opening these attachments from senders with malicious intent can cause your computer (and any networks to which you are connected) to be compromised, hacked or even riddled with ransomware.
What are the unsafe file types to look out for? This question is better answered by listing file types that are generally considered safe to open. The truth is that almost all file types are at risk of being “booby-trapped” to attack your computer or device.
The general rule is to NEVER open an email attachment if you do not know who it came from or why you received it.
How can I tell if an attachment is safe to open?
- Ask yourself: Was I expecting to receive this attachment? Did it come from who I would expect it to come from? Check email addresses for any “red flags” that may indicate the email address has been spoofed or faked.
- Never open an email attachment if you don’t recognise the sender that it came from.
- If you recognise the person or email address sending you the file, but it was still unexpected, contact them first through a different form of communication (such as by phone) to ask them if they intended to send you the file.
Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here