Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Latest threat advice

Phishing

Phishing

Aug 13, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders. As well as featuring official-looking logos and disclaimers, phishing emails typically include a 'call to action' to trick us into giving out our most sensitive personal information, from passwords to bank details.
Digital trade

Malicious insiders

Aug 13, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.
Drupal 8 logo

Vulnerability in the Drupal content management system

Jul 1, 2018 - The ACSC has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Drupal assesses this vulnerability as critical. If you are using a version of Drupal prior to 7.58 or 8.51, the ACSC recommends that you upgrade immediately as per Drupal's advice.
Digital processing

Phishing - Large organisations

Jul 1, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders.
Distributed Denial of Service

Distributed Denial of Service

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.
Romance scams

Dating and romance scams

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice. The below is based primarily on the advice of the NSW Police.
Data breach cyber attack

Data breaches

Jul 1, 2018 - Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more. Sometimes personal information is released to unauthorised people by accident, or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as a data breaches, or data spills.
Unauthorised cryptomining

Unauthorised cryptomining

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.
Cyber threats

Common threat types

Jul 1, 2018 - The cyber threat to Australian individuals and organisations is undeniable, unrelenting and continues to grow. You could be a target even if you don't think the information held on your networks is valuable, or that your business would be of interest to cyber adversaries. Many organisations are at risk purely because they are vulnerable through unpatched software or unaware staff members. Common threats impacting Australians include:
Automated alerts

Business email compromise

Jul 1, 2018 - Business email compromise (BEC) is an online scam where a cybercriminal impersonates a business representative to trick you, an employee, customer or vendor into transferring money or sensitive information to the scammer. To begin, a cybercriminal impersonates a trusted person using an email address that appears to be legitimate (this is known as "masquerading"). To do this, they may use a username that is almost identical to the trusted person's name, or a domain that is almost identical to the name of the trusted person's company. Alternatively, they could replace the "from…