NBN & IT Consulting | Website Optimisation | StickyWeb - Ballarat

It’s Scam Awareness Week

Posted by Stickyweb in Consulting

21.05.18


Scam Awareness – Stop and check: is this for real?

You should ALWAYS be wary of ANY unsolicited offer that appears in your email or browser screen – but today’s ACCC media release announcing Australians lost $340 million to scammers in 2017 is a timely reminder for all internet users to be on the lookout for scams – particularly ‘Impersonation Scams’.

How these scams work

Scammers may pretend to be from a government agency, a well-known company like an energy or telecommunications provider, Australia Post, a bank or police. Their aim is to scare you into parting with your money or personal information and if you don’t, they threaten you with fines, disconnecting your internet, taking you to court, arrest or even deportation.

Tips to protect yourself

  • If you’re contacted unexpectedly and threatened by someone who says they’re from a government agency or trusted business, always consider the possibility that it may be a scam – then stop and check if it’s for real.
  • Don’t be pressured by a threatening caller and don’t respond to threatening emails or voicemail messages asking you to call someone back. If you do, the scammers may increase their intimidation and attempts to get your money.
  • If you’re unsure whether a call or email is genuine, verify the identity of the contact through an independent source, such as a phone book or online search, then get in touch with them to ask if they contacted you. Don’t use the contact details provided by the caller or in the message they sent to you.
  • If you’re still unsure, speak to a family member or friend about what’s happened.
  • Never give money, bank account or credit card details or other personal information to anyone you don’t know or trust – and never by email or over the phone.
  • A government agency or trusted business will never ask you to pay by unusual methods such as with gift or store cards, iTunes cards, wire transfers or bitcoin.
  • Don’t open suspicious texts, pop-up windows or emails and don’t click on links or open attachments – just delete them.
  • Never give anyone remote access to your computer if you’re contacted out of the blue – whether through a phone call, pop up window or email – and even if they claim to be from a well-known company like Telstra.

The following is a snapshot of the leading trends in scam activity in 2017:

[Image: The leading scams reported in 2017]

As with all things in life … if it seems too good to be true – it probably is!

Article courtesy of the Australian Competition & Consumer Commission (ACCC) Scam Watch site

There’s a new KRACK in town …

Posted by Stickyweb in Consulting, Rants

Key Reinstallation Attack - KRACK

There’s a new KRACK hack that puts pretty much every WiFi network at risk … but the media isn’t making much of a fuss!
Due to new vulnerabilities discovered in WPA2, the most widely used Wi-Fi security protocol, virtually all devices are now vulnerable to attack.

To ease your mind – a hacker would have to go to some lengths to exploit this hack – so your home network is probably not much of a target … but institutional networks (e.g. universities) & public networks that require a password are legitimate targets.

To explain in simple terms KRACK allows a hacker to interfere with a process called a four-way handshake that goes something like:
“Hi I want to connect”
“What’s the password?”
“Clever Pa5sw0Rd”
“OK you’re in – here’s an encrypted connection”

Because the hacker interferes with the initial handshake they may be able to decrypt the traffic you exchange over WiFi. This means they’re able to do many, many bad things without even being on the network. Bad things? Like being able to intercept, modify & forge fake data & theoretically be able to inject ransomware or other malware into otherwise safe websites.
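An added illustration (not from the original post or from any vendor's code): a toy Python model of what "key reinstallation" means and what the patch changes. The `Client` class, the hash-based stand-in cipher and the sample packets are constructed assumptions; real WPA2 uses a different cipher, but restarting the packet counter under a key that is already in use has the same effect.

```python
import hashlib

def keystream(key, counter, n):
    """Toy stand-in for the real cipher: keystream depends only on key + counter."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; `patched` selects the fixed key-install logic."""
    def __init__(self, patched):
        self.patched, self.key, self.counter = patched, None, 0

    def install_key(self, key):
        # Runs whenever the last handshake step is processed, replays included.
        if self.patched and key == self.key:
            return              # fix: key already in use, keep counting
        self.key = key
        self.counter = 0        # unpatched: counter restarts under the same key

    def send(self, plaintext):
        self.counter += 1
        return self.counter, xor(plaintext, keystream(self.key, self.counter, len(plaintext)))

def keystream_repeats(patched):
    """One session with a replayed handshake message; True if keystream was reused."""
    key = hashlib.sha256(b"constructed session key").digest()
    p1, p2 = b"first packet: hello", b"second packet: bye!"   # constructed samples
    client = Client(patched)
    client.install_key(key)
    n1, c1 = client.send(p1)
    client.install_key(key)     # the same handshake message arrives a second time
    n2, c2 = client.send(p2)
    # With a repeated keystream the cipher cancels out: c1 XOR c2 == p1 XOR p2.
    return n1 == n2 and xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched client reuses keystream:", keystream_repeats(False))
    print("patched client reuses keystream:  ", keystream_repeats(True))
```

The only difference between the two runs is the check in `install_key`, which is why the fix can ship as an ordinary software update on each device.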

If you have a USB drive or are attached to a NAS (Network-attached storage) then it’s a data free-for-all.

It’s worth keeping in mind that in order to pull off such an attack, a KRACK hacker would need to be in your device’s Wi-Fi range and impersonate a network that your device already trusts and would attempt to connect to. 

What makes KRACK scary isn’t that it’s going to cause mass destruction – but that it exploits a protocol that is pretty much used Everywhere.

The GOOD news is the vulnerability is easily patched, so most software & hardware vendors have fixed the issue or will do so in the near future.
Your job is to make sure that ALL of your devices are patched as soon as a patch is available.

There are lists published already – such as the one on Owen Williams’ Charged blog – that list the companies that have already fixed it & link to the patches.

So DON’T PANIC … Keep an eye out for patches, apply as soon as possible, and keep in mind that the issue is fixable.