Security

Spear Phishing: What is it and how to protect yourself

Cybercriminals are once again working hard to take advantage of the COVID-19 situation through new phishing campaigns. Most recently, a wide range of political and private-sector organisations in Australia have come under cyber-attack by a “sophisticated state-based cyber actor”. This phishing tactic is called spear phishing. What is spear phishing? Spear phishing is a personalised and more targeted form of phishing, carefully designed to pursue businesses or individuals to obtain confidential information for fraudulent purposes. These emails are carefully designed and tailored to each recipient, so when it appears in the user’s inbox, it seems to be from a legitimate and trustworthy source. Some attackers will go as far as researching individuals they are targeting, so the email communication looks genuine at first glance. Traditional security often does not stop these attacks because they are so cleverly personalised. As a result, they are becoming more difficult to detect. What you need to look out for? Emails with links to files or attachments Slight spelling errors. For example, the letter “o” might be replaced with the number “0” A sense of urgency in the email to change passwords or update personal information Uncommon words and terminology not usually used by the supposed sender. What you can do to protect yourself against spear phishing Check the sender email address first and foremost. Do not simply  trust the displayed names and carefully look at the email address it is sent from Do not click links/attachments from people you do not know and if you are unsure, contact the person directly to see if it is a legitimate email Use caution, particularly if an email ever asks for personal information Update your software. Updates usually include the latest patches for viruses and other malware Educate yourself and others into cybersecurity awareness. Living in the digital age and moving into the future, it is important that we know the risks that come with advances in digital technology. Our staff receive constant training and updates on the most recent cyber-attacks to protect our organisation from being penetrated by malicious malware. We have also introduced additional authentication measures to further protect us from being a target of these attacks.  The protection of our Members and their personal information is always our first priority. If you think you may have entered your credit card, account details or any personal information into a phishing site, please contact us immediately on 1300 36 2000.

Security

Unsolicited calls from Unity Bank in regards to bank account security

We are aware of telephone scammers pretending to be our staff and ringing members about their bank account security. The fraudsters advise that you have a security problem and ask you to install a remote access application, often this is the "Team Viewer" app, which allows the fraudsters access to your computer and capture your internet banking logging details. The scammers then ask you to transfer funds from an account to another, then advise that the funds were transferred back to the original account. With this information they are then able to log on and transfer funds out of the your account. Keep safe from phone scams by: Hang up on unsolicited callers, particularly those requesting you download software Keep all access codes (e.g. card PIN, Online Banking password etc. ) secret and secure. We’ll never ask for this information over the phone or via email. You should never share these codes with anyone If you're unsure, call back on a trusted number (i.e. phone book or company website) to confirm if the caller was genuine Never give a stranger remote access to your computer Keep your computer protected by running and updating security software purchased from trusted sources If you think you've fallen for the scam, contact us immediately on 1300 36 2000.

Security

Australia Post & PayPal scams

Scammers are constantly looking for ways to trick you into supplying your personal and financial information. We have recently discovered scams, specifically pretending to be from Australia Post and PayPal. Below we have demonstrated how you could better protect yourself and your loved ones from these scams. Scams targeting Australia Post customers You may receive a phone call or email from someone pretending to be from Australia Post. The caller or email informs that Australia Post has a refund for you and will ask for your credit card details to process the refund. Should you receive one of these phone calls or emails, please do not hand out any personal information. It is a scam, please either hang up the call or delete the email immediately.  Another Australia Post scam that has been circulating during August involves false text messages informing you of a delivery notice and urging you to click on a link to confirm the address. The link will direct to a fake Australia Post website to get your personal and financial information. Below is an example of the text message: Below is an example of a fake Australia Post website: We suggest you treat this text message the same way as you would approach any suspicious emails you receive if in doubt remove immediately. Please note that Australia Post will never email or text message you to request personal and financial information. To learn more about scams targeting Australia Post customers, please visit Scam alerts on the Australia Post website.  Scams targeting PayPal customers If you use PayPal, please be cautious with scam emails with a subject line such as Suspicious Activity on Your Account or Your account has been limited. These emails will inform that your account details have been altered and hence your account has been limited. Such emails will advise that you need to log in via a specific link to change your personal information. The email may try to force you into supplying your details by warning to lock your account if you do not update your details by a specific date. Below is an example of the scam email Need help? If you believe someone has gained access to your personal details, even if the scam appears unrelated to your finances, you should contact your Bank immediately. A prompt response can be crucial in providing you with the best chance to prevent any loss. If you have concerns about your Unity Bank account contact us on 1300 36 2000 If you have been the victim of identity theft, IDCARE can guide you through the steps to reclaim your identity. Contact them on 1300 432 273 or via https://www.idcare.org You can find out how scams work, how to protect yourself, what to do if you’ve been scammed or report a scam to the Australian Competition and Consumer Commission (ACCC) via the Scamwatch website scamwatch.gov.au

Security

Generational shift behind the rise of identity theft

Australians aged 25 to 44 have overtaken retirees and the elderly for reported cases of identity theft. According to data published by ACCC’s Scamwatch, reported cases are a third higher (32%) in 2020 than the corresponding period for 2019. Historically, Australians over 65 report the most cases, but we are now seeing younger age groups of 25 to 34 and 35 to 44 move to the fore, suggesting a generational shift in this criminal activity. This change reflects broader societal trends for digital technology. Unfortunately, it is easy to focus on the benefits and overlook the pitfalls of sharing information so readily. It can be as simple as clicking on what looks to be a personalised email that actually has a dangerous payload within. Within minutes your device has downloaded a virus that will access personal information such as bank statements, identity particulars and your address book. A good trick is to validate the sender's email address by checking its domain name on Google. If you don’t recognise it, delete it immediately. Alternatively, the criminal starts with one piece of personal information and gradually builds up a profile by harvesting information from social media. In a digital world we tend to disregard traditional mail, but items such as superannuation statements and renewal of driver’s licence cards are pure gold for criminals. Many people are aware of scam activities but most targeted people are caught by surprise when they are contacted by a business chasing payment, or the heart wrenching moment when they realise a criminal group has used their details to take out loans in their name. Losing control of your identity can start a downward spiral with many activities we take for granted severely impacted, whether obtaining a loan, buying a house, starting a business, or even starting a new relationship. It can take hundreds of hours to reclaim a stolen identity and recover from a blemished credit history. Don’t overshare on social media and use privacy settings wisely. Protect your devices and pay attention to security upgrade messages. Lock your email inbox, clean out the junk, and never click on unsuspecting links, even if it is addressed to you. If you think you have provided your account details to a scammer, please contact us immediately on 1300 36 2000. We also encourage you to report it to the ACCC via the report a scam page. This helps them warn people about current scams, monitor trends and disrupt scams where possible.