Phishing

Protecting small business against cyber attacks during COVID-19

Apr 7, 2020 - The Australian Cyber Security Centre (ACSC) has published advice on how small businesses can better protect themselves from cyber attacks and disruptions during COVID-19. The Head of the ACSC, Ms Abigail Bradshaw CSC, said since early March 2020, there has been a significant increase in COVID-19 themed malicious cyber activity across Australia and small businesses are far from immune.
Australian Government - Australian Signals Directorate - Australian Cyber Security Centre

Cyber scams during the COVID-19 crisis - ABC Radio interview

Mar 27, 2020 - Mr Karl Hanmore, acting Head Australian Cyber Security Centre, interview with Wendy Harmer and Robbie Buck on ABC Radio Sydney, 27 March 2020

Threat update: COVID-19 malicious cyber activity

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted. March 27th 2020.

National Cyber Security Committee urges vigilance as two concerning cyber security threats are in the wild

Nov 7, 2019 - UPDATE: As at 12th November 2019 the CIMA level returned to Level 5 - Normal Conditions. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency. The Cyber Incident Management Arrangements (CIMA) remain activated, however the alert level has been downgraded to Level 4 – ‘Lean Forward’.

Widespread exploitation of vulnerable systems via Emotet malware

Oct 24, 2019 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is investigating a widespread malware campaign known as Emotet. Emotet is a Trojan virus delivered via emails sent with malicious attachments. Cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge.

Business Email Compromise freight forwarding scam

Jul 23, 2019 - The ACSC is warning small to medium sized businesses supplying IT and electrical products of a socially engineered email scam requesting quotes on goods. A number of Australian businesses have been forced to close since the scam began due to the losses they have sustained. The amounts lost average between $30K and $100K with the largest to date being $170K. To date, the cyber criminals have yielded more than $700,000 through what has been termed freight forwarding scams.

Follow our essential steps to protect your business

May 15, 2019 - This week is national Privacy Awareness Week, an annual initiative of the Office of the Australian Information Commissioner (OAIC) that raises awareness of privacy issues and the importance of protecting personal information. Malicious or criminal attacks are deliberately crafted to exploit known vulnerabilities for financial or other gain. Many cyber incidents exploit vulnerabilities involving a human factor, such as unwittingly clicking on a malicious link and disclosing passwords.

Take steps to better secure yourself

May 2, 2019 - The Australian Cyber Security Centre (ACSC) has released a checklist to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face.

Detecting Socially Engineered Messages

Apr 30, 2019 - Socially engineered messages present a significant threat to individuals and organisations due to their ability to assist an adversary with compromising accounts, devices, systems or sensitive information. This document offers guidance on identifying socially engineered messages delivered by email, SMS, instant messaging or other direct messaging services offered by social media applications.

Subject -- Urgent payroll request

Apr 3, 2019 - Cyber criminals are trying to commit payroll fraud by sending fake emails requesting a change to your bank details. The Australian Cyber Security Centre (ACSC) is aware that fraudulent emails have been received by organisations across Australia. These emails spoof the emails and signature blocks of staff, and are sent to HR/payroll areas appearing to ask for a change in bank account details for the current or next pay. Workers often become targets while on holiday, when their Facebook or Instagram updates reveal that they are away for an extended period of time.

Fake PayPal emails request ‘account details’

Mar 30, 2019 - The Australian Cyber Security Centre (ACSC) is aware of malicious emails that are falsely advising Australians that their account has violated PayPal rules. These phishing emails try to lure the recipient into sharing personal information, which could then be used for identity theft and financial gain by cyber criminals. The recipient is told their account will be permanently disabled within 48 hours unless the user logs in using the link provided within the email to ‘update account details’ and ‘activate your account’.

Microsoft warns of Internet Explorer vulnerability

Dec 21, 2018 - Microsoft has released a security update for Internet Explorer after receiving a report from Google about a new vulnerability that is being used in targeted attacks. Security vulnerabilities in applications can be used to execute malicious code on your systems, and using the latest version of applications is one way that you can better protect yourself, as we explain in the Essential Eight.

Medicare & Aus Post SMS scam

Nov 29, 2018 - You may have seen news reports yesterday of an active phishing campaign via SMS, pretending to be from either Medicare or Australia Post. The messages claim that you have a rebate owed or a competition opportunity and ask you to click through to a website and provide your personal details.

Beware of phishing after Cathay Pacific data theft

Oct 30, 2018 - Scammers often take advantage of incidents to trick people into sharing personal or financial information. Cathay Pacific Airways Limited announced last week that there had been 'unauthorised access' to passenger data of approximately 9.4 million people, who were travellers with the company and its wholly owned subsidiary, Hong Kong Dragon Airlines Limited. Although Cathay Pacific said it had no evidence that any personal information was misused, the airline is concerned about the subsequent phishing campaign for passenger information, which people may be tricked into…

Netflix warns users about malicious emails

Sep 17, 2018 - Always question unexpected requests for your personal or financial information, and keep your passwords safe. Netflix warned subscribers at the weekend about a malicious email campaign that entices users to follow a 'link' to update bank details, but which instead gives cyber criminals access to your bank account. If you suspect you have received a fraudulent email or text message that appears to be from the company, Netflix advises that you follow these tips to keep your information safe and secure:

US urges cyber vigilance after Hurricane Florence

Sep 17, 2018 - Fraudsters often try to exploit our willingness to help those in need, as Australians have experienced in the aftermath of devastating cyclones. The National Cybersecurity and Communications Integration Centre (NCCIC) in the United States has warned users and administrators to be vigilant for malicious cyber activity in the aftermath of Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites.

BA warns of secondary fraud after data theft

Sep 12, 2018 - British Airways is continuing to investigate the theft of customer data and warns that fraudsters pretending to be from the airline may try to gather more personal information. ‘We are investigating, as a matter of urgency, the theft of customer data between 22:58 BST August 21 2018 until 21:45 BST September 5 2018 from our website, ba.com, and our mobile app,’ British Airways said. ‘Our website is now working normally.’

Scammers claiming to be from government

Sep 3, 2018 - The Australian Cyber Security Centre (ACSC) is aware of a phone scam in which scammers are posing as employees from Australian Government agencies. Scammers are attempting to convince you that your computer has been compromised, and to assist in their investigation, they're asking for remote access via a legitimate screen sharing program such as TeamViewer. The scammer then attempts to persuade you to take actions, such as entering a URL into your browser and accessing your online banking service, which then compromises your computer to reveal banking information, enabling them…

Phishing

Aug 13, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders. As well as featuring official-looking logos and disclaimers, phishing emails typically include a 'call to action' to trick us into giving out our most sensitive personal information, from passwords to bank details.

Fed up with Phishing?

Jul 1, 2018 - Would you 'click here' and enter your bank account or credit card numbers, passwords or birthdate because you received an email or text that looks like it's from a bank or government department? If you answered 'yes', there's no need to feel ashamed. Cyber criminals are tricking more and more of us into sharing our most sensitive information. It's the most common type of scam reported in Australia, according to the latest data.

Combat DNS infrastructure hijacking

Jul 1, 2018 - The Australian Cyber Security Centre (ACSC) is aware of a global Domain Name System (DNS) infrastructure hijacking campaign and urges organisations to protect their systems. 'We encourage administrators to follow best practices, including our Essential Eight mitigation strategies, to better safeguard their systems,' said Alastair MacGibbon, Head of the ACSC.

Protect your organisation from phishing

Jul 1, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. The messages often contain a link to a bogus website where victims are coaxed to enter personal details. Phishing emails appear to be from a known and trusted source and can be extremely convincing, but the links and attached files are designed to bypass security and access a network. Spear phishing is a dangerous class of phishing, where criminals use social engineering to target specific companies and individuals using very realistic bait or messages, often resembling…

Phishing - Large organisations

Jul 1, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders.

Common threat types

Jul 1, 2018 - The cyber threat to Australian individuals and organisations is undeniable, unrelenting and continues to grow. You could be a target even if you don't think the information held on your networks is valuable, or that your business would be of interest to cyber adversaries. Many organisations are at risk purely because they are vulnerable through unpatched software or unaware staff members. Common threats impacting Australians include:

2018 - Launching into action

Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.