As part of this year’s Scams Awareness Week, MailGuard has partnered with the Australian Competition & Consumer Commission (ACCC) to help shine a spotlight on identity theft and scams. This year’s theme is “Be yourself. Don’t let a scammer be you.”
Today’s key message focuses on staying protected from remote access scams. These are scams that typically involve fraudsters impersonating well known telecommunications or computer companies (like Telstra, the NBN or Microsoft) and tricking victims into thinking they have a “tech issue” in order to get access to their computers and steal valuable data and money. The ACCC found in its Targeting Scams report that Australians lost $4.8 million to remote access scams in 2019.
“Scammers usually call pretending to be from a large telecommunications or IT business, and convince you there is a ‘problem’ with your computer or internet, and that you need to buy software to fix it. They may claim your device has a ‘virus’ or that you have been ‘hacked’, or they may pretend to need your help catching a scammer. They’ll request remote access to your computer to find out what the problem is or convince you to buy unnecessary software which they’ll offer to install remotely,” says the ACCC.
The consequences of falling for these scams are grave – after stealing their victim’s money via the purchase of “software”, scammers can continue to access the victim’s computer and steal confidential data, including passwords & credit card details. They can do this by installing malware, such as keyloggers which record and 'log' each key you press. Malware like keyloggers may be used to capture confidential information like login or banking details. Acquiring valuable data can enable scammers to commit further instances of identity theft, widening their victim pool.
As more businesses shift their operations to a remote work model in the midst of the COVID-19 lockdown, the likelihood of remote access scams being successful rises significantly. Criminals exploit the frustrations of employees who are no longer able to physically turn to their organisation’s IT or support teams for help when they want to set up multi-factor authentication (MFA) on their devices or update their software and operating systems. This can be stressful – especially for employees who are working from home for the first time. In this situation, it’s not hard to imagine how an employee might hand access to their computer to someone claiming they can easily update their Internet speed or fix a hidden “virus” in their computer.
Here at MailGuard, we’re seeing similar email scams that are also leveraging the tech disruptions triggered by remote working. With many companies introducing new software and tech policies to accommodate the rise in remote work, new and unfamiliar IT updates like the one below are commonly sent via organisations as they try to ensure business continuity. Unfortunately, these can be used to lead users to phishing websites, designed to harvest their confidential details, as is the case with this email:
To avoid being a victim of remote access scams, the ACCC recommends the following:
- Never allow anyone remote access to your computer, even if they claim to be from a well-known company such as Telstra or the NBN Co.
- Never give personal, banking or online account details to anyone over the phone, unless you made the call using a trusted phone number.
- Secure your devices by keeping your operating system, software and plug-ins up to date, and install current antivirus software.
- Protect your accounts and WiFi network with a secure password.
- Research first and only buy software from a source you know you can trust.
- Back-up your data regularly and securely. The Australian Cyber Security Centre explains how to back up your data.
If you have fallen victim to a scam or you receive a lot of unsolicited emails and phone calls, you are also advised to consider changing your email address and phone numbers.
To further assist professionals working remotely, we’ve compiled some of the most frequently asked questions (FAQs) we’ve heard from employees and some quick recommendations for how they can navigate tech challenges as they continue working from home.
Nine out of 10 cyber-attacks occur via email, so we also encourage companies to ensure their business email security is up to scratch by adopting a strategic, multi-layered approach. This is sometimes referred to as a ‘defence in depth’ approach: it defends a system against attacks using several different methods and solutions, so that if one fails, the others will stop the threat.
You may already have native security from your email hosting provider, like Google or Microsoft, but it’s key to remember that no one vendor can stop all attacks. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, you could use a specialist third-party cloud email solution like MailGuard to complement Microsoft 365.
We recommend that you report any scam that you see or hear to the relevant authorities. Let this also be a good opportunity to reconsider your business’ cyber readiness and take proactive measures to help your teams become more cyber resilient. If you need more support in protecting your business from email scams, feel free to reach out to us at email@example.com.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.