Fri, Jan 15, 2021

Tis’ the Season for Giving - and Taking

It’s the time of year when many of us will be taking a well-deserved break, but unfortunately for consumers and organisations, cyber criminals don’t take holidays.

A year of unprecedented alarm and uncertainty, coupled with the growing sophistication of cybercriminals, has nurtured the perfect breeding ground for online scams, which according to the Australian Competition and Consumer Commission (ACCC) have jumped a staggering 42% this year—with nearly AU$7 million lost.1

Each year, the Australian Cyber Security Centre (ACSC) warns consumers and organizations to be extra vigilant online, highlighting the range of online threats that proliferate around the festive season period. This typically includes phishing emails with ecards containing malicious links or spoofed emails requesting support for fraudulent charities or causes.

Phishing emails are a common way for cyber criminals to get into a network. Individuals, whether at home or work, who think they are clicking on a link to donate money to a charity or downloading a holiday card may in fact be inviting cybercriminals to compromise an email account or leave behind a banking trojan, which can be used to steal credentials or deploy a ransomware attack.

Phishing for Donations

Common phishing scams this holiday season also include emails seeking donations for fraudulent or fake charities. While for many Australians, the festive season is a time for giving, unfortunately, cybercriminals aren’t so civic-minded and, if given the chance, will exploit community goodwill for financial gain.

Illegitimate charity websites are easy for criminals to develop and difficult for donors to detect, which makes the festive season a particularly lucrative time of year for cybercriminals.

Cyber Criminals Gifting Cyber Criminals

In underground markets and chat platforms where cybercriminals advertise their services, Kroll frequently observes vendors offering services to facilitate phishing attacks. Others are selling entire databases that may be used for identity theft, and in turn, to apply for loans or credit cards in the name of the stolen identity.

A quick glance at the dark web reveals that some personal information is being advertised for as little as AU$10, with popular items for sale, including:

  • Australian license + platinum credit card – AU$123.22
  • Bank account – AU$10
  • Debit card with sim – AU$199
  • Australian 100 points ID for loan applications – AU$100

 

What Can Consumers and Organizations do to Avoid Scams this Festive Season?

Cyber security awareness and good cyber hygiene are key to avoiding cyber scams. Best practices include:

  • Organizations should conduct regular employee security awareness training on how to spot suspicious emails and other online threats. Remind employees of the risks at work and home by directing them to free educational content from the Stay Smart Online Program.
  • Individuals should do online research before contributing to a cause. Searching for the name of the cause along with words such as “reviews,” “complaints” or “scam” may shed light on whether the charity in question is a legitimate one.
  • Avoiding the crowds and shopping online? Before handing over your credit card details, individuals should only buy online from retailers they know and trust. The holiday period can see an increase in the number of fake shopping, travel and accommodation websites, often flaunting offers too good to be true.
  • Sign up to an alert service such as the ACSC Alert Service which provides free, easy-to-understand information for Australians about online threats and provides online security advice to help protect internet users at home, at work and on mobile devices.

Scammers may pose a significant threat this holiday season, but research and due diligence can help ensure a safer online experience.

Source
1https://www.accc.gov.au/media-release/watch-out-for-online-shopping-scams-this-holiday-season



Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.