Welcome to Cyber Intel & Info (CII)

1. Implement robust password security by using unique, complex passwords for all accounts, particularly for critical services like banking, government portals, and email. Consider using a reputable password manager that can generate and securely store strong passwords (e.g. minimum 12 characters, combining uppercase, lowercase, numbers, and special characters).

2. Develop a critical eye for phishing attempts. Before acting on any email or message: verify the sender's full email address (not just the display name), scrutinize the message for urgency tactics or unusual requests, and hover over links to preview URLs. When in doubt, contact organizations directly through their official channels, and never use the contact information provided by the source being verified (i.e. in the potentially malicious email or message).

3. Secure your internet connection with a reputable VPN service, especially if there is a need to use public Wi-Fi networks. Choose a VPN provider that maintains a strict no-logs policy and offers industry-standard encryption (e.g. AES-256). This protects your data from interception and helps maintain your privacy online.

4. Maintain a robust security posture by enabling automatic updates on your devices, applications, and security software. Schedule regular manual checks for updates and, if possible, to complete full backups. If a heavy user of technology that is prone to breaches or malware, maintaining real-time antivirus protection with scheduled deep scans at least weekly, would be advised.

5. Exercise extreme caution with unofficial software sources and unknown websites. Stick to official app stores and verified websites for downloads. The risks associated with unauthorized sources often far outweigh any perceived benefits, potentially exposing your device to malware, ransomware, or data theft.

6. Stay informed about current cyber threats and scam techniques through reputable sources. Visits to Scamwatch and Cyber.gov.au can help one recognize and avoid emerging threats.

7. Practice digital discretion by carefully managing your online presence. Regularly review your social media privacy settings, limit personal information in public profiles, and consider the potential security implications before sharing content online. Remember that seemingly harmless information can later be used for social engineering attacks.

8. Implement secure payment practices by using only verified payment platforms with buyer protection. Never transfer money directly to unknown parties, and be particularly wary of requests for unconventional payment methods like gift cards or cryptocurrency. Where possible, use methods like Visa or Mastercard for better fraud protection.

9. Establish a proactive monitoring routine for your financial accounts. Enable real-time notifications for all transactions, review statements thoroughly, and check your credit report quarterly. Malicious actors (scammers) may attempt to exploit your information to open new accounts or take out loans in your name so every extra precaution against identity theft is worth it.

10. Build a response plan before you need it. Know how to contact your financial institutions, identify relevant authorities for reporting different types of fraud, and maintain offline copies of important contact information. If you suspect a scam, act quickly but calmly. While early intervention often leads to better outcomes, being overly reactive can also lead to mistakes. Proceed via official channels to investigate or rectify the issues and be skeptical of any 'urgent action needed' contact made to you.

Cybersecurity is not just about tools and technology, it's about a mindset that seeks to develop consistent, security-conscious habits. Stay informed, stay vigilant, stay secure online.

1) Act fast: If money is involved, contact your bank or card provider immediately to report the scam and freeze transactions. If not, notify the company or service where you first noticed the scam.

2) Get assistance: IDCARE (Australia/NZ) can help you make a recovery plan for free. Call 1800 595 160 or visit their website. If your bank isn't helpful, you can complain to the Australian Financial Complaints Authority.

3) Warn others: Report the scam to Scamwatch and, if appropriate, to the police.

4) Be extra watchful: Scammers often target victims again. Be cautious of anyone offering to help recover lost money or data—these are usually more scams.

5) Get support: If you're struggling, talk to a financial counsellor (free and confidential) or reach out to friends and family.

"Australia is a soft target for scammers because we don't have the laws and systems in place to prevent scams from taking place." – Consumer Action Law Centre

Cybercrime caused over $3 trillion in damages globally in 2015, and this number is rising.

Protecting your data helps protect your friends, family, and community.

Let's first look at the most common ways that online security and users privacy is breached.

The single biggest cause for data leaks, hacks and privacy breaches is phishing. Individuals and companies alike are a constant target for this cost effective and successful form of malicious action.

Phishing

In simple terms, phishing is when a threat actor pretends to be a trusted entity (e.g. a friend or a financial institution) so you perform some action (e.g. click a hyperlink) so that they can illegally obtain information from you. The ‘fishing’ metaphor refers to the concept of getting a user (you) on the hook and then reeling you in so they can get what they are after, which is typically private data.

These attacks almost always originate in an email or an instant message. Thankfully, it is easier to avoid falling victim to these hacks or scams than people think.

Continue Reading

How to avoid being phished?

Always look closely at the communication and check for any spelling or grammatical errors in the content. Check for errors in the domain names (URL) or email addresses (e.g. @gmall.com rather than @gmail.com). Think twice before clicking any links, if in doubt delete email or message immediately.

Cyber criminals often use threats that your security has been compromised or you’ve lost access to an account and they add a sense of urgency to have you miss the details. If you notice any of these signs always err on the side of caution and delete the communication. Never click on links (URLs) unless absolutely certain they are legitimate.

Now lets take a look at the next two most common malicious actions taken or tools inflicted on users: malware and malicious smartphone apps.

Malware

Malware is hostile software that is there to compromise a system and steal data.

Such programmes perform functions like deleting data, modifying systems, secretly tracking user activity and more. Typically malware finds its way onto a device by users clicking on unknown links or installing pirated software, which leads to the downloading of these harmful programmes. Malware is usually categorised as either a virus, trojan, spyware or keylogger.

How do you safeguard your private data (and finances!) from malware?

First, use legitimate and highly rated anti-virus software. Next make sure automatic updates are enabled for your device’s operating system and for all your applications. This is so you get all security patches that are sent with any new updates. Never download any fake, pirated, or untrusted software as there is a decent chance it contains malware.

Malicious Apps

Malicious Apps are any apps downloaded onto a device that has malicious code, which runs without the users knowledge or consent. The common misconception that all apps available on Google Play or Apple’s App Store are safe and secure, is completely false.

A good example were apps that enabled your smartphone to act as a torch while actually extracting private data in the background before they were removed. The sophisticated illegal apps sometimes go as far as taking full control of your accounts (including finances), gaining access to the microphone and camera and can take full remote control of all your data. They can then steal, encrypt, or delete your private data. Sometimes they simply stay hidden to read and copy the data at will. This is not something anyone would want.

How do we spot and avoid these apps?

Always check the permissions before downloading an app and verify the developer is known. Check the reviews and ratings of the app seem legitimate. Avoid downloading any app if it has only a few downloads or reviews (e.g. less than several thousand). Never download apps from third party app stores or download pirated apps. Lastly, as always, if you are in any doubt, do not download the app, or if have, then delete it immediately from your device(s).

So how do we stay secure?

Be informed - this is why this very website exists. Follow the above tips - the goal is that they become habits that you eventually perform subconsciously. Being aware of phishing, malware, malicious apps and the tips above already gives you an advantage that most people don’t have.

Also, being aware of the hackers psychology. By this I mean to understand that they are looking for easy targets for efficient use of their time to get data or money. If you are harder than other targets in reach, they will move on before they even try. This is great, as deterrent to attempt is the best difference against any cyber crime.

I trust you have learnt something from this article and good luck out there!

Cyber security is a must,
For when online there’s little to trust.
You should protect your data and devices,
To avoid the risks of cyber crises.

Security is a fortress that's hard to breach,
To keep your data out of reach.
It's like a lock that's hard to pick,
A code that's hard to crack or trick.

It's like a shield that's always there,
To protect you, with good software.
It's working hard to keep you safe,
From hackers that come from any place.

Online security can be compared to a fight,
But a battle is not always won by might.
You can respect the rights and rules of others,
Standing proud with your cyber brothers.

So, don't be scared of cyber threats,
Just keep your guard up and no regrets.
Stay safe and secure, my cyber friend,
For your security is ready to defend.

Continue Reading for another Poem

Zach & Jack

There once was a hacker named Jack
Who tried to break into a bank
But he then met his match
In a security eng named Zach
Who foiled his plan with a prank

Zach had detected Jack's intrusion
And so sent him a fake solution
So Jack thought he'd succeeded
But in fact he'd been defeated
And then had to face legal prosecution